你好我正在尝试为我正在做的项目编写一个基本插入,它将接受user_id并将输入的所有用户信息插入到数据库中但所有发生的事情是我被重定向到php页面本身
我是相当新的,并已在互联网上研究得到这一点,但我现在完全困惑。我们的v =当前服务器不支持PDO(不幸的是)所以我依靠你们的帮助。
感谢
这是我的代码:
<?php
session_start();
$server = "server";
$schema = "schema";
$uid = "uid";
$pwd = "pwd";
$user_id=$_SESSION['user_id']
$bookName=$_POST['txt_bookName'];
$bookEmail=$_POST['txt_bookEmail'];
$address=$_POST['txt_address'];
$mobile=$_POST['txt_mobile'];
$telephone=$_POST['txt_telephone'];
$dob=$_POST['txt_dob'];
$emergency=$_POST['txt_emergency'];
$profession=$_POST['txt_profession'];
$nationality=$_POST['txt_nationality'];
@ $db = mysql_connect($server, $uid, $pwd);
if (!$db)
{
echo 'Error: Could not connect to database. Please try again later.';
exit;
}
else
{
mysql_select_db($schema);
$query = "INSERT INTO booking
(user_id, bookName, bookEmail, address, nationality,
mobile, telephone, dob, emergency, proposed_date,
profession )
values ('$user_id', '$bookName','$bookEmail','$address','$nationality',
'$mobile', '$telephone', '$dob', '$emergency', '$proposed_date',
'$profession')";
$result = mysql_query($query);
if ($result)
header("Location: payment.html");
else{
header("Location: bookTour.php");
}
}
mysql_close();
?>
使用表单代码
进行更新它已被编辑以便于观察
function MM_validateForm() { //v4.0
if (document.getElementById){
var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
} }
</script>
</head>
<form id="frm_booking" name="frm_booking" action ="InsertBooking.php" method="post">
<body>
<div class="cssname">
<p>Book Tours</p>
</div>
<div>
<label><strong>Book Tours</strong></label>
<form>
<p> </p>
<p><strong>List of Tour Details</strong></p>
<table width="666" border="0" align="center" cellspacing="0">
<label>
<input name="txt_bookName" type="text" id="txt_bookName" placeholder="Name"/>
<input name="txt_bookEmail" type="email" id="txt_bookEmail" placeholder="Email@email.com"/>
<label>
<input name="txt_address" type="text" id="txt_address" placeholder="Address"/>
</label></td>
<input name="txt_nationality" type="text" id="txt_nationality" placeholder="Nationality"/></td>
<input name="txt_mobile" type="text" id="txt_mobile" placeholder="Mobile"/></td>
<input name="txt_telephone" type="text" id="txt_telephone" placeholder="Telephone"/></td>
</tr>
<tr>
</td>
<input name="txt_dob" type="text" id="txt_dob" placeholder="yyyy-mm-dd"/></td>
<input name="txt_emergency" type="text" id="txt_emergency" placeholder="Emergency Contact"/></td>
<select name="lst_tour" onchange="">
<option value="">Select a Date:</option>
<?php include 'tourSelect.php' ?>
<?php
foreach ( $results as $option ) : ?>
<option value="<?php
echo $option->departure_date; ?>"><?php echo $option->departure_date; ?></option>
<?php endforeach; ?>
</select>
<strong>Type</strong> <strong>date</strong> <strong>here</strong>:
<label>
<input type="text" name="txt_projectDate" id="txt_projectDate" placeHolder "Enter date selected at the left"/>
</label></td>
<input name="txt_profession" type="text" id="txt_profession" placeholder="Profession"/></td>
<textarea name="txt_statement" id="txt_statement" cols="45" rows="5" placeholder="Say a short sentance about yourself"></textarea>
<input name="btn_book" type="submit" class="btn_ragister" id="btn_book" value="Book Now!" style="background-color:#FFF"; border="1" />
答案 0 :(得分:0)
在查询中使用之前,您确实应该清理用户输入,否则您的网站会被SQL注入破坏。
$bookEmail = mysql_real_escape_string($_POST['txt_bookEmail']);
对所有变量重复此操作,可能还会解决您的错误(取决于使用的输入)。
另外:看看是否启用了mysqli,它比mysql扩展更好(如果PDO不可用)。