免责声明是的,数据尚未验证,是的,它不安全,但这是对本地计算机的测试,所以我不担心SQL注入
确定。所以我有一个用户填写的表格。我在该页面的开头开始一个会话。信息将发布到第二页,用户可以在其中验证数据,然后单击按钮进行提交。会话再次启动,数据将传递到第三个页面,在该页面中建立与数据库的连接。
<?php
session_start();
require_once("dbconnect.php");
include("header.php");
echo "This is for a Live Sale: title is " . $_SESSION['title'] . "<p> type is " . $type = $_SESSION['typeofsale'] . "<p> fname is " . $_SESSION['fname'] . " <p>lname is " . $lname = $_SESSION['lname'] . "<p> email is " . $email = $_SESSION['email'] . "<p> address is " . $address = $_SESSION['address'] . " <p>zip is " . $_SESSION['zip'] . " <p>city is " . $_SESSION['city'] . "<p> county is " . $_SESSION['county'] . "<p> area is " . $_SESSION['area'] . "<p> state is " . $_SESSION['state'] . "<p> directions are " . $_SESSION['directions'] . "<p> date is " . $_SESSION['livedate'] . "<p> Time is " . $_SESSION['time'];
if (isset($_SESSION['livedate'])){
$title = $_SESSION['title'];
$typeofsale = $_SESSION['typeofsale'];
$fname = $_SESSION['fname'];
$lname = $_SESSION['lname'];
$email = $_SESSION['email'];
$address = $_SESSION['address'];
$zip = $_SESSION['zip'];
$city = $_SESSION['city'];
$county = $_SESSION['county'];
$area = $_SESSION['area'];
$state = $_SESSION['state'];
$directions = $_SESSION['directions'];
$listitems = $_SESSION['listitems'];
$date = $_SESSION['livedate'];
$time = $_SESSION['time'];
fullListing($title, $typeofsale, $fname, $lname, $email, $address, $zip, $city, $county, $area, $state, $directions, $listitems, $date, $time);
}
if (isset($_POST['onlinedate'])){
$title = $_SESSION['title'];
$typeofsale = $_SESSION['typeofsale'];
$fname = $_SESSION['fname'];
$lname = $_SESSION['lname'];
$email = $_SESSION['email'];
$zip = $_SESSION['zip'];
$city = $_SESSION['city'];
$county = $_SESSION['county'];
$area = $_SESSION['area'];
$state = $_SESSION['state'];
$listitems = $_SESSION['listitems'];
$date = $_SESSION['livedate'];
partialListing($title, $typeofsale, $fname, $lname, $email, $zip, $city, $county, $area, $state, $listitems, $date);
}
function fullListing($title, $typeofsale, $fname, $lname, $email, $address, $zip, $city, $county, $area, $state, $directions, $listitems, $date, $time){
global $dbc;
$insertRow = "INSERT INTO listings(title, typeofsale, fname, lname, email, address, zip, city, county, area, state, directions, listitems, date, time) VALUES ('$title', '$typeofsale', '$fname', '$lname', '$email', '$address', '$zip', '$city', '$county', '$area', '$state', '$directions', '$listitems', '$date', '$time')";
echo "<p>this is whats in insertRow variable " . $insertRow;
$result = $dbc->query($insertRow);
echo "<p>this is whats in insertRow variable " . $insertRow;
}
function partialListing($title, $typeofsale, $fname, $lname, $email, $zip, $city, $county, $area, $state, $listitems, $date){
global $dbc;
$insertRow = "INSERT INTO listings(title, typeofsale, fname, lname, email, zip, city, county, area, state, listitems, date) VALUES ('$title', '$typeofsale', '$fname', '$lname', '$email', '$zip', '$city', '$county', '$area', '$state', '$listitems', $date)";
$result = $dbc->query($insertRow);
echo "this is whats in insertRow variable " . $insertRow;
}
echo "<p><h1>Information Submitted. Thank You!</h1>";
echo "<p>";
include('footer.php');
好的,所以我回应了变量,以确保它们都被转移,以此来解决我的问题。他们在正确的变量中显示了所有正确的信息。
我正在测试页面上的fullListing选项。我在查询运行之前和之后回显$ insertRow的内容。页面运行,它只显示第一个输出。这是变量$ insertRow。
的内容的结果INSERT INTO listings(title, typeofsale, fname, lname, email, address, zip, city, county, area, state, directions, listitems, date, time) VALUES ('This is the title', 'livesale', 'First', 'Name', 'blah@blah.com', '`123 Main St', '44355', 'City', 'crowwing', 'central', 'minnesota', 'GO down the road til you see the sign and then go somemore Big house on the right', 'Clothes baby items playstation games toys', '6/12/1965', '8:00AM')
当它尝试运行查询时,它会给我以下错误。
Fatal error: Call to a member function query() on a non-object in C:\Program Files\wamp\www\AreaListingPage2\salesent.php on line 52
第52行是这一行:
$result = $dbc->query($insertRow);
我检查过以确保db connect和model在其中包含正确的信息,并且确实如此。他们有正确的密码和数据库。然后,我检查以确保数据库中的表是正确的,它是。我检查了字段是否按正确顺序排列并匹配数据库字段,他们确实如此。
答案 0 :(得分:0)
您只需定义global $dbc;它是一个空变量,并且不处理与数据库的任何连接,但您可以在其上调用query()函数。这不起作用。
你应该正确处理连接,无论你使用什么驱动程序(mysqli,PDO等)。