为什么我无法将数据输入db?
<?php include ( './includes/header.php' );
$error = "";
if (@$_POST['send']) {
$name = mysql_real_escape_string(strip_tags($_POST['name']));
$email = mysql_real_escape_string(strip_tags($_POST['email']));
$message = mysql_real_escape_string(strip_tags($_POST['message']));
if ($name == "") {
$error = "Name cannot be left empty.";
}
else if ($email == "") {
$error = "Enter valid email id";
}
else if ($message == "") {
$error = "Message cannot be left empty.";
}
else{
//send message
$sendmessage = mysql_query("INSERT INTO contact VALUES('','$name','$email','$message')",$db1) or die(mysql_error());
$error = "Message sent!!";
}
}
?>
<meta property="og:title" content="Contact Us" />
<meta property="og:description" content="For any help, drop us a mail" />
<meta property="og:image" content="http://studyfoyer.org/images/contactus.jpg" />
<title>Contact Us</title>
</head>
<?php include('includes/navigation.php');?>
<div class="container">
<div class="row">
<form class="log-page" action="contact.php" method="POST">
<h2 class="form-signin-heading">Get in touch</h2>
<div class="input-prepend">
<label for="InputUsername">Name</label>
<input type="text" class="form-control" name='name' placeholder="Name" required autofocus>
</div>
<div class="input-prepend">
<label for="InputEmail">Email</label>
<input type="email" class="form-control" name='email' placeholder="Email address" required>
</div>
<div class="input-prepend">
<label for="InputMessage">Message</label>
<textarea class="form-control" rows="3" name="message" placeholder="Your message" required></textarea>
</div>
<div class="controls form-inline">
<button class="btn btn-primary" name='send' type="submit">Send</button>
</div>
<?php echo $error; ?>
</div>
</form>
</div>
</div>
Db连接通过header.php完成 我有两个网站(都在localhost上)使用相同的数据库,用于联系信息。这会影响吗? 因为代码似乎在其他代码上运行良好。
答案 0 :(得分:0)
应该是if (isset($_POST['send']))而不是if (@$_POST['send'])。 isset函数将返回true是$ _POST ['send']是“set”。数据库连接的相同文件不会影响任何内容。
您的代码容易受到 SQL注入的攻击。您必须使用预准备语句来安全地清理用户的输入。