我正在为我正在制作的网站(为了好玩)更改旧代码的过程,并且因为添加了更加消毒的方式向我的数据库发送和存储信息,例如清理,转义,格式等。我发现我的信息正在发送并存储为数据库中的空字段。
我知道我无法提交表单,除非输入所有字段并且格式正确以便部分看起来很好,但是当所有字段都填满并且格式正确时,查询似乎只是将空白信息存储在字段。
这是我在
中发送数据的表单的代码 $labels = array ("matchname" => "match name",
"matchdescriptions" => "match description",
"opponent" => "opponent",
"goalconceded" => "goal conceded",
"goalscored" => "goal scored");
if($username && $userid && $userid == 1) {
echo "<form action='post_matchdetails.php' method='POST'>";
/*A loop that displays the form*/
foreach($labels as $field => $label)
{
echo "<div class='field'>
<label for='$field'>$label</label>
<input type='text' name='$field' id='$field' size='65' maxlength='65'/>
</div>\n";
}
echo "<div id='submit'><input type='submit' value='Submit'/>\n";
echo "</div>\n</form>\n</body>\n</html>";
这是处理数据的代码,旨在将其保存到数据库
$db_sitename="tutorials";
$db_hostname="localhost";
$db_username="root";
$db_password="roger";
$cxn =mysqli_connect($db_hostname,$db_username,$db_password,$db_sitename) or die ("Couldnt connect to server");
foreach($label as $field => $value)
{
$good_data [$field] = strip_tags(trim($_POST[$field]));
if($field == "goal")
{
$good_data[$field] = preg_replace("/[)( . -]/", "", $good_data[$field]);
}
$good_data[$field] = mysqli_real_escape_string($cxn, $good_data[$field]);
}
$query = "INSERT INTO matchdetails (";
foreach($good_data as $field => $value)
{
$query.= "$field,";
}
$query .= ") VALUES (";
$query = preg_replace("/,\)/",")",$query);
foreach($good_data as $field => $value)
{
$query .= "'$value',";
}
$query .= ")";
$query = preg_replace("/,\)/",")",$query);
$result = mysqli_query($cxn,$query) or die ("Couldnt execute query. " .mysqli_error($cxn));
echo "<h4>New bulletin added to database</h4>";
header("location: index2.php");
exit();
它的问题非常简单,但我不知道它是什么,任何建议,想法或帮助将不胜感激
非常感谢提前 麦克