SQL查询 - 替换字段名称中的句点

时间:2013-11-22 19:13:29

标签: javascript php jquery mysql sql

所以,我有一个使用Ajax / Jquery将数组发送到这个PHP文件的表单,该文件应该将数组写入MySQL数据库。我在过去两周看了几个例子并改进了代码结构,但我觉得我可能会遗漏一些明显的东西。无论是那种,还是做得非常低效。作为其他文件的背景,表单本身有一些输入名称,其中有一个句点,这就是为什么有一个preg_replace。 variables.php文件包含所有正确的SQL登录数据,因为数据的后端查看工作正常。所有不起作用的是实际写入数据。

但是,如果此代码段看起来应该有效,那么我需要再次检查我的Javascript文件。

这是PHP代码:

include 'variables.php';

if (isset($_POST)){
    mysqli_connect($mysql_hostname,$mysql_username,$mysql_password);
    mysqli_select_db($con,$mysql_table);
    $sql = sprintf('INSERT INTO '.$mysql_table.' (%s) VALUES ("%s")',
    implode(',',array_keys(preg_replace("/[^,.]/",$_fields))),
    implode('","',array_values(preg_replace("/[^,.]/",$_fields)))
    );
    mysqli_query($con,$sql);
    mysqli_close($con);
};

以下是捕获表单数据的Javascript代码:

var orderSubTotal ='46.15';
var orderTotal  ='46.15';
var numOfItems ='2';
var items =new Array('item1','item2');
var ids =new Array('id1','id2');
var codes =new Array('code1','code2');
var qtys =new Array('1','1');
var price =new Array('44.95','1.2');
var orderTax ='0';
var orderShipping ='0';
var appliedPromoIdList ='';
var coupon ='';
var storeId ='storeid';
var activeShipPromotionCount ='';
var itemImages  =new Array('image1','image2');

$(document).ready(function() {

$("#driver").click(function(event) {
    event.PreventDefault();

    var date=new Date();
    var formData = $("#testform :input[id!='card-type'][id!='paymentSelection_0']"+
    "[id!='ccSelectedRadio'][id!='card-number'][id!='card-exp-month'][id!='card-exp-year'][id!='card-cvv'][id!='billing-first-name']"+
    "[id!='billing-last-name'][id!='billing-company'][id!='billing-address1'][id!='billing-address2'][id!='billing-city']"+
    "[id!='billing-state'][id!='billing-zip'][id!='billing-phone'][id!='billing-country'][id!='useShippingRadio'][id!='useBillingRadio']"+
    "[id!='ppSelectedRadio'][name!='miscDS.shopperEmailAddress_ymixval'][name!='miscDS.shopperEmailAddress_ymixlabel']"+
    "[name!='miscDS.shopperEmailAddress_secname'][name!='paymentSelectionDS.paymentSelection_ROW0_paymentPPSelected']").serializeArray();

    formData.push({name: 'Subtotal', value: orderSubTotal});
    formData.push({name: 'Total', value: orderTotal});
    formData.push({name: 'Cart Size', value: numOfItems});
    formData.push({name: 'Cart Contains', value: items});
    formData.push({name: 'Item ID\'s', value: ids});
    formData.push({name: 'Codes', value: codes});
    formData.push({name: 'Quantities', value: qtys});
    formData.push({name: 'Prices', value: price});
    formData.push({name: 'Taxable', value: orderTax});
    formData.push({name: 'Shipping', value: orderShipping});
    formData.push({name: 'Applied Promotion ID\'s', value: appliedPromoIdList});
    formData.push({name: 'Coupons', value: coupon});
    formData.push({name: 'Store ID', value: storeId});
    formData.push({name: 'Shipping Promotion\'s', value: activeShipPromotionCount});
    formData.push({name: 'Item Images', value: itemImages});
    formData.push({name: 'Date and Time', value: date});

    $.post("jquery/process.php", formData);
});
});

最后,这里是表单本身(我删除了表单的部分,这些部分要么被ajax帖子排除,要么甚至根本不被删除):

<!DOCTYPE html>
<html>
    <head>
        <title>the title</title>
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
    <script src="jquery/script.js"></script>
</head>
<body>
    <div id="stage1" style="background-color:blue;">
        STAGE - 1
    </div>
    <form id="testform">
        <div id="ys_buyerInfo" class="">
            <div id="ys_shipBillShippingInfo" class="ys_majorSection">
                <h3>Shipping Information</h3>
                <h4>Shipping Address</h4>
                <div class="ys_subSection" id="ys_shippingAddress" style="">
                    <fieldset>
                        <label for="shipping-first-name" id="labelshipping-first-name" class="text"> <strong>First Name:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_first_name" id="shipping-first-name" size="31" maxlength="99" value="" />
                        </label>
                        <label for="shipping-last-name" id="labelshipping-last-name" class="text"> <strong>Last Name:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_last_name" id="shipping-last-name" size="31" maxlength="99" value="" />
                        </label>
                        <label for="shipping-company" id="labelshipping-company" class="text"> <strong>Company:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_company" id="shipping-company" size="31" maxlength="99" value="" />
                        </label>
                        <label for="shipping-address1" id="labelshipping-address1" class="text"> <strong>Street Address 1:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_address1" id="shipping-address1" size="31" maxlength="99" value="" />
                        </label>
                        <label for="shipping-address2" id="labelshipping-address2" class="text"> <strong>Street Address 2:</strong> </label>
                        <label for="shipping-city" id="labelshipping-city" class="text"> <strong>City:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_city" id="shipping-city" size="10" maxlength="99" value="" />
                        </label>
                        <label for="shipping-state" id="labelshipping-state" class="text"> <strong>State:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_state" id="shipping-state" size="13" maxlength="99" value=""  />
                        </label>
                        <label for="shipping-zip" id="labelshipping-zip" class="text"> <strong>Zip Code:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_zip" id="shipping-zip" size="10" maxlength="99" value=""  />
                        </label>
                        <label for="shipping-phone" id="labelshipping-phone" class="text"> <strong>Phone:</strong>
                            <input type="text" class="text" name="shippingAddressDS.shipping_ROW0_phone" id="shipping-phone" size="10" maxlength="99" value=""  />
                        </label>
                        <label for="shipping-country" id="labelshipping-country"> <strong>Country:</strong>
                            <select name="shippingAddressDS.shipping_ROW0_country" id="shipping-country" >
                                <option value="AR">Argentina</option>
                                <option value="AU">Australia</option>
                                <option value="AT">Austria</option>
                                <option value="BE">Belgium</option>
                                <option value="BM">Bermuda</option>
                                <option value="BA">Bosnia and Herzegowina</option>
                                <option value="BR">Brazil</option>
                                <option value="BG">Bulgaria</option>
                                <option value="CA">Canada</option>
                                <option value="HR">Croatia (Hrvatska)</option>
                                <option value="CY">Cyprus</option>
                                <option value="CZ">Czech Republic</option>
                                <option value="DK">Denmark</option>
                                <option value="EE">Estonia</option>
                                <option value="FO">Faroe Islands</option>
                                <option value="FI">Finland</option>
                                <option value="FR">France</option>
                                <option value="FX">France, Metropolitan</option>
                                <option value="DE">Germany</option>
                                <option value="GI">Gibraltar</option>
                                <option value="GR">Greece</option>
                                <option value="GL">Greenland</option>
                                <option value="HK">Hong Kong</option>
                                <option value="HU">Hungary</option>
                                <option value="IS">Iceland</option>
                                <option value="IE">Ireland</option>
                                <option value="IT">Italy</option>
                                <option value="JP">Japan</option>
                                <option value="KZ">Kazakhstan</option>
                                <option value="KR">Korea, Republic of</option>
                                <option value="KG">Kyrgyzstan</option>
                                <option value="LV">Latvia</option>
                                <option value="LI">Liechtenstein</option>
                                <option value="LT">Lithuania</option>
                                <option value="LU">Luxembourg</option>
                                <option value="MK">Macedonia</option>
                                <option value="MT">Malta</option>
                                <option value="MX">Mexico</option>
                                <option value="NL">Netherlands</option>
                                <option value="NZ">New Zealand</option>
                                <option value="NO">Norway</option>
                                <option value="PL">Poland</option>
                                <option value="PT">Portugal</option>
                                <option value="SG">Singapore</option>
                                <option value="SK">Slovakia (Slovak Republic)</option>
                                <option value="SI">Slovenia</option>
                                <option value="ZA">South Africa</option>
                                <option value="ES">Spain</option>
                                <option value="SE">Sweden</option>
                                <option value="CH">Switzerland</option>
                                <option value="TW">Taiwan</option>
                                <option value="TJ">Tajikistan</option>
                                <option value="UK">United Kingdom</option>
                                <option value="US" selected="selected">United States</option>
                                <option value="VA">Vatican City</option>
                            </select> </label>
                    </fieldset>
                </div>
            </div>
        </div>
        <div class="ys_majorSection">
            <h3>Other Information</h3>
            <h4>Coupon Code</h4>
            <div class="ys_subSection" id="ys_coupon" style="">
                <div class="ys_subSection">
                    <fieldset id="ys_couponFieldset">
                        <label for="gc-redemption-code" id="labelgc-redemption-code"> <strong>If you have a Coupon / Promotional code that can be redeemed from this store, please enter the offer code in the box below.</strong> </label>
                        <input type="text" class="text" name="gcPaymentDS.gcpayment_ROW0_redemptionCode" id="gc-redemption-code" size="20" maxlength="" value="" />
                        <input class="ys_secondary" type="submit" name="eventName.updateGiftCertDataEvent"  value="Apply" />
                        <em><!-- intentionally empty --></em>
                    </fieldset>
                </div>
            </div>
            <h4>Email Notification</h4>
            <div class="ys_subSection" id="ys_billingEmail" style="">
                <fieldset>
                    <label for="billing-email" id="labelbilling-email" class="text">
                        <strong>Email Address:</strong>
                        <input type="text" class="text" name="miscDS.shopperEmailAddress" id="billing-email" size="40" maxlength="99" value=""  />
                        <input type="hidden" name="miscDS.shopperEmailAddress_ymixval" value="req,email" />
                        <input type="hidden" name="miscDS.shopperEmailAddress_ymixlabel" value="Email Address" />
                        <input type="hidden" name="miscDS.shopperEmailAddress_secname" value="BillingEmail" />
                        <em><!-- intentionally empty --></em> </label>
                </fieldset>
            </div>
        </div>
        <input type="button" id="driver" value="Load Data" />
    </form>
</body>
</html>

1 个答案:

答案 0 :(得分:0)

看看上面的代码,我必须承认我在PHP文件之后停止了。快速回答是preg_replace需要3个参数而不是2才能工作。第一个参数是您要查找的模式,第二个是替换,最后一个是文本。

如果您希望改进整体代码,请参考以下建议:

首先,检查$ _POST不是最好的选择,你应该检查

$_SERVER["REQUEST_METHOD"]=="POST"

然后请验证您的输入,我必须承认我从未使用$ _fields变量,但如果它预先填充了$ _POST数组中的元素,您应该考虑到任何东西都可以在那里,而不仅仅是你期望的你的表单(其他人可以使用curl来破解代码并在数据库中添加任何内容)。

您还应该在输入中将stripslashes与addslashes结合使用,以提供最低级别的安全性。冒号不是你唯一的问题,其他东西可以在那里,你不想要的东西。

最后你可以使用str_replace(“要替换的字符串”,“替换”,“需要替换字符串的某些文本”)

希望这有帮助