从html页面在数据库中插入统计信息

时间:2012-08-13 06:00:28

标签: php mysql html

我已经制作了一些我要插入数据库的统计数据来查看流量统计信息。 我主要使用HTML页面,因此我使用POST方法获取由PHP文件发布的统计信息,但它不起作用,没有统计信息插入到数据库表中。

HTML代码

    <form action="_global/stats/stats.php" method="post">
    <input type="hidden" name="stats" value="true" />
    </form>

PHP代码

        if (isset($_POST['stats']))
    {
    $stats = $_POST['stats'];
    }
    else
    {$stats="false";}

    if ($stats == "true"){ 

        if(!empty($_SERVER['REQUEST_URI'])){
        $url = $_SERVER['REQUEST_URI'];
        }else{$url = "";}

        if(!empty($_SERVER['REMOTE_ADDR'])){
        $user_ip = $_SERVER['REMOTE_ADDR'];
        }else{$user_ip = "";}

        if(!empty($_SERVER['REMOTE_PORT'])){
        $user_port = $_SERVER['REMOTE_PORT'];
        }else{$user_port = "";}

        if(!empty($_SERVER['SERVER_ADDR'])){
        $server_ip = $_SERVER['SERVER_ADDR'];
        }else{$server_ip = "";}

        if(!empty($_SERVER['SERVER_PORT'])){
        $server_port = $_SERVER['SERVER_PORT'];
        }else{$server_port = "";}

        if(!empty($_SERVER['REQUEST_METHOD'])){
        $request_type = mysql_real_escape_string ($_SERVER['REQUEST_METHOD']);
        }else{$request_type = "";}

        if(!empty($_SERVER['HTTP_USER_AGENT'])){
        $browser_type =  mysql_real_escape_string ($_SERVER['HTTP_USER_AGENT']);
        }else{$browser_type = "";} 

    mysql_query("INSERT INTO jinendra_statistics.statistics SET url='$url', user_ip='$user_ip', user_port='$user_port', server_ip='$server_ip', server_port='$server_port', request_type='$request_type', browser_type='$browser_type' ");

    }

请查看此处出现的问题并提出任何可行的方法。

更新

使用这些代码的PHP文件正在工作,我在数据库中获取值。但是将它与HTML一起使用不会在数据库中插入值。

        if(!empty($_SERVER['REQUEST_URI'])){
    $url = $_SERVER['REQUEST_URI'];
    }else{$url = "";}

    if(!empty($_SERVER['REMOTE_ADDR'])){
    $user_ip = $_SERVER['REMOTE_ADDR'];
    }else{$user_ip = "";}

    if(!empty($_SERVER['REMOTE_PORT'])){
    $user_port = $_SERVER['REMOTE_PORT'];
    }else{$user_port = "";}

    if(!empty($_SERVER['SERVER_ADDR'])){
    $server_ip = $_SERVER['SERVER_ADDR'];
    }else{$server_ip = "";}

    if(!empty($_SERVER['SERVER_PORT'])){
    $server_port = $_SERVER['SERVER_PORT'];
    }else{$server_port = "";}

    if(!empty($_SERVER['REQUEST_METHOD'])){
    $request_type = mysql_real_escape_string ($_SERVER['REQUEST_METHOD']);
    }else{$request_type = "";}

    if(!empty($_SERVER['HTTP_USER_AGENT'])){
    $browser_type =  mysql_real_escape_string ($_SERVER['HTTP_USER_AGENT']);
    }else{$browser_type = "";} 

    mysql_query("INSERT INTO jinendra_statistics.statistics SET url='$url', user_ip='$user_ip', user_port='$user_port', server_ip='$server_ip', server_port='$server_port', request_type='$request_type', browser_type='$browser_type' ");

3 个答案:

答案 0 :(得分:2)

您正在使用一半INSERT一半UPDATE查询。 您的查询应该是

mysql_query("INSERT INTO jinendra_statistics.statistics (url, user_ip, user_port, server_ip, server_port, request_type, browser_type) VALUES ('$url', '$user_ip', '$user_port', '$server_ip', '$server_port', '$request_type', '$browser_type')";

检查语法

答案 1 :(得分:1)

对于阅读此内容的任何人:有两个问题已修复。

1)查询语法不正确,

2)提交表格的过程也是错误的。

mysql_query("INSERT INTO jinendra_statistics.statistics (url, user_ip, user_port, server_ip, server_port, request_type, browser_type) VALUES ('$url', '$user_ip', '$user_port', '$server_ip', '$server_port', '$request_type', '$browser_type')";

您希望SET使用UPDATE以及我为INSERT提供的语法。

<强>将此/ page.php文件 

<?php

if(isset($_POST['stats'])){

 if(!empty($_SERVER['REQUEST_URI'])){
$url = $_SERVER['REQUEST_URI'];
}else{$url = "";}

if(!empty($_SERVER['REMOTE_ADDR'])){
$user_ip = $_SERVER['REMOTE_ADDR'];
}else{$user_ip = "";}

if(!empty($_SERVER['REMOTE_PORT'])){
$user_port = $_SERVER['REMOTE_PORT'];
}else{$user_port = "";}

if(!empty($_SERVER['SERVER_ADDR'])){
$server_ip = $_SERVER['SERVER_ADDR'];
}else{$server_ip = "";}

if(!empty($_SERVER['SERVER_PORT'])){
$server_port = $_SERVER['SERVER_PORT'];
}else{$server_port = "";}

if(!empty($_SERVER['REQUEST_METHOD'])){
$request_type = mysql_real_escape_string ($_SERVER['REQUEST_METHOD']);
}else{$request_type = "";}

if(!empty($_SERVER['HTTP_USER_AGENT'])){
$browser_type =  mysql_real_escape_string ($_SERVER['HTTP_USER_AGENT']);
}else{$browser_type = "";} 

mysql_query("INSERT INTO jinendra_statistics.statistics SET url='$url', user_ip='$user_ip', user_port='$user_port', server_ip='$server_ip', server_port='$server_port', request_type='$request_type', browser_type='$browser_type' ");

if(mysql_affected_rows()){
    // it worked, redirect, confirm, etc
}
else{
    // it failed
}

}

?>


<form action="this/page.php" method="post">
<input type="hidden" name="stats" value="true" />
<input type="submit" value="Submit Stats" />
</form>

试一试。输入您在操作中保存的文件的名称。

答案 2 :(得分:0)

您的查询很容易SQL Injection。您可以尝试使用 PHP PDO 吗?

<?php
$stmt = $dbh->prepare("INSERT INTO jinendra_statistics.statistics (url, user_ip, 
                                   user_port, server_ip, server_port, 
                                   request_type, browser_type) 
                       VALUES (?,?,?,?,?,?,?)");

$stmt->bindParam(1, $url);
$stmt->bindParam(2, $user_ip);
$stmt->bindParam(3, $user_port);
$stmt->bindParam(4, $server_ip);
$stmt->bindParam(5, $server_port);
$stmt->bindParam(6, $request_type);
$stmt->bindParam(7, $browser_type);

$stmt->execute();

?>
相关问题
最新问题