我正在尝试将表单字段的内容发布到MySql数据库中。博客的标题和内容应该发布到mysql表中,但我不断收到此错误: 注意:未定义索引:第10行/home/ooze/public_html/main2/uploadblog.php中的titleblog注意:未定义索引:第11行/home/ooze/public_html/main2/uploadblog.php中的blogcontent。
<table>
<tr class="top row" style="font-weight: bold;"><td>
<p>Upload your blog</p>
<form name="f4" action="uploadblog.php" method="post" enctype="multipart/form-data">
title: <input type="text" name="titleblog" />
<br/>
<textarea name="blogcontent" rows="10" columns="60" style="width:350px; height:150px;">Enter you blog here
</textarea>
<br/>
<input type="submit" value="Submit" style="margin-left: 300px;"/>
</form>
</td></tr>
</table>
这是php代码:
<?php
session_start();
?>
<?php
$a = $_POST["titleblog"];
$b = $_POST["blogcontent"];
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
?>
答案 0 :(得分:0)
<?php
if(isset($_post['submit']) && $_post['submit'] == 'Submit') {
$a = $_POST["titleblog"];
$b = $_POST["blogcontent"];
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
}
?>
并且还缺少值字段。像这样<input type="text" name="titleblog" value="" />
答案 1 :(得分:0)
你忘了逃避字符串以防止SQL注入:
<?php
session_start();
?>
<?php
$a = mysql_real_escape_string($_POST["titleblog"]); // <--
$b = mysql_real_escape_string($_POST["blogcontent"]); // <--
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
?>
有关SQL注入的详细信息,请参阅:
http://php.net/manual/en/security.database.sql-injection.php