使用json更新mysql数据库空白字段

时间:2013-05-14 21:30:45

标签: php mysql ajax json

我正在尝试将记录插入到mysql数据库中,但字段为空。这是我的js:

$("#submit").click(function() { 
    var product1name     = $("input#product1name").val();
    var product2name     = $("input#product2name").val();
    var product3name     = $("input#product3name").val();
    var product4name     = $("input#product4name").val();
    var product5name     = $("input#product5name").val();
    var product1quantity = $("input#product1quantity").val();
    var product2quantity = $("input#product2quantity").val();
    var product3quantity = $("input#product3quantity").val();
    var product4quantity = $("input#product4quantity").val();
    var product5quantity = $("input#product5quantity").val();

    var dataString = 'product1name='+ product1name + 'product2name=' + product2name + 'product3name=' + product3name + 'product4name=' + product4name + 'product5name=' + product5name + 'product1quantity='+ product1quantity + 'product2quantity='+ product2quantity + 'product3quantity='+ product3quantity + 'product4quantity='+ product4quantity + 'product5quantity='+ product5quantity + 'salesid='+ salesid + 'email='+ email + 'wpuseremail='+ wpuseremail;

    $.ajax({  
      type: "POST",
      url: "process.php",
      data: dataString,
      success: function(json) {  
        $('#contact_form').html("<div id='message'></div>");
        $('#message').html(json.type)
        .append(json.message)
        .hide()
        .fadeIn(1500, function() {
          $('#message').append("<img id='checkmark' src='images/check.png' />");
        });
      }
    });
    return false;

});

这是我的php:

<?php
$product1quantity = $_POST["product1quantity"];
$product2quantity = $_POST["product2quantity"];
$product3quantity = $_POST["product3quantity"];
$product4quantity = $_POST["product4quantity"];
$product5quantity = $_POST["product5quantity"];

$username = "user";
$password = "pass";
$hostname = "host"; 

$dbhandle = mysql_connect($hostname, $username, $password)
 or die("Unable to connect to MySQL");

$selected = mysql_select_db("dbname",$dbhandle)
  or die("Could not select dbname");

$result = "INSERT INTO dbname.tablename (product1name, product2name, product3name, product4name, product5name, product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, id) VALUES ('', '', '', '', '', product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, NULL)";
mysql_query($result);

mysql_close($dbhandle);

$response = array('type'=>'', 'message'=>'');
$response['type'] = 'success';
$response['message'] = 'Thank-You for submitting the form!';
print json_encode("success");
?>

我已经确认它在我不在INSERT语句中使用变量时起作用,而是硬编码的值。我的变量似乎有些不对劲。

2 个答案:

答案 0 :(得分:3)

似乎你所谓的变量在他们面前没有$ .. 

$result = "INSERT INTO dbname.tablename (product1name, product2name, product3name,     product4name, product5name, product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, id) VALUES ('', '', '', '', '', $product1quantity, $product2quantity, $product3quantity, $product4quantity, $product5quantity, NULL)";

但请修复您的代码,因为由于SQL注入安全漏洞而直接从POST变量插入是非常危险的

您可以考虑使用像PDO或mySQLi

这样的预准备语句

在此处阅读更多内容:http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

答案 1 :(得分:1)

我认为你错过了变量($)上的美元符号。

你应该写:

$result = "
    INSERT INTO dbname.tablename (
        product1name, 
        product2name, 
        product3name, 
        product4name, 
        product5name, 
        product1quantity, 
        product2quantity, 
        product3quantity, 
        product4quantity, 
        product5quantity, 
        id
    ) VALUES (
        '', 
        '', 
        '', 
        '', 
        '', 
        $product1quantity, 
        $product2quantity, 
        $product3quantity, 
        $product4quantity, 
        $product5quantity, 
        NULL
    )
";
相关问题
最新问题