您好我有以下代码验证表单中是否有数据,然后我想确保在插入之前名称,电子邮件和地址不在我的数据库中...
你能告诉我在哪里搞砸了它,即使它是独特的数据也会抛出已经存在的错误
if($_POST['formSubmit'] == "Submit")
{
$errorMessage = "";
if(empty($_POST['formName']))
{
$errorMessage .= "<li>You forgot to enter a name!</li>";
}
if(empty($_POST['formEmail']))
{
$errorMessage .= "<li>You forgot to enter an email!</li>";
}
if(empty($_POST['formAddress']))
{
$errorMessage .= "<li>You forgot to enter your Address!</li>";
}
if(empty($_POST['formCity']))
{
$errorMessage .= "<li>You forgot to enter your City!</li>";
}
if(empty($_POST['formState']))
{
$errorMessage .= "<li>You forgot to enter your State!</li>";
}
if(empty($_POST['formZip']))
{
$errorMessage .= "<li>You forgot to enter your Zip!</li>";
}
$varName = $_POST['formName'];
$varEmail = $_POST['formEmail'];
$varAddress = $_POST['formAddress'];
$varCity = $_POST['formCity'];
$varState = $_POST['formState'];
$varZip = $_POST['formZip'];
$varDate = $_POST['formDate'];
if(empty($errorMessage))
{
$db = mysql_connect("localhost","root","PASSWORD");
if(!$db) die("Error connecting to MySQL database.");
mysql_select_db("FormData" ,$db);
$dupesql = "SELECT * FROM formdata WHERE (name = '$varName' AND email = '$varEmail' AND address = '$varAddress')";
$duperaw = mysql_query($dupesql);
if($duperaw > 0) {
echo ("$varName already exists in $varAddress \n");
}
else {
$sql = "INSERT INTO formdata (name, email, address, city, state, zip, submitDate) VALUES (".
PrepSQL($varName) . ", " .
PrepSQL($varEmail) . ", " .
PrepSQL($varAddress) . ", " .
PrepSQL($varCity) . ", " .
PrepSQL($varState) . ", " .
PrepSQL($varZip) . ", " .
PrepSQL($varDate) . ")";
mysql_query($sql);
header("location: index.php?success=1");
exit();
}
}
}
答案 0 :(得分:2)
使用mysql_num_rows($duperaw) > 0代替$duperaw > 0来检查您的查询是否返回了任何结果。
另外,请避免使用mysql_*功能。它们不再被维护,而是deprecated as of PHP 5.5.0。请阅读this post以获取更详细的说明。相反,请使用PDO或MySQLi并了解prepared statements。 This article可以帮助您确定要使用的MySQL API。