mysqli_real_escape_query,查询似乎没问题,但没有写入数据库

时间:2014-02-26 15:59:57

标签: php mysql mysqli

我有一个表单,method =“post”,用户可以在其中输入信息,如姓名和电子邮件,然后将其插入数据库中。为了安全起见,我尝试使用mysqli_real_escape_string。 现在,查询说它工作但没有数据插入我的数据库中。如果没有逃脱,一切都可以正常工作(除非没有逃脱)

CODE: (更新了缺失的引用,它在我的原始代码中,所以这不是问题。为此而烦恼)

if(isset($_POST['submit'])) {

$email = explode('@',$_POST['mail']); //explode because I only need the prefix
$maila = mysqli_real_escape_string($link,$email[0]);
$name = mysqli_real_escape_string($link,$_POST['name']);

$query = "INSERT INTO base(mail,name) VALUES ('$maila','$name')";
if(mysqli_query($link,$query)) {
          echo "SUCCES";
        }
        else {
          echo "FAIL";}
}

因此,当我处理查询时,SUCCES出现,但邮件和名称没有到达我的表格。

我在这里搜索并搜索,但找不到解决方案(如果我忽略了它,请原谅我)。我也希望我发布了足够的代码。

额外信息:

在SQL查询开始执行之前,将以类似

的方式检查表单 
if($_POST['name'] == null){echo "an error message";}

EDIT;完整代码(我知道我的if语句中有错误/愚蠢的东西,但这些工作正常而没有逃避,所以我稍后会检查这些)

<?php
    if(isset($_POST['submit'])) {

      if($_POST['ios'] == null ) {$resios = 0;} else {$resios = $_POST['ios'];}
      if($_POST['android'] == null) {$resand = 0;} else {$resand = $_POST['android'];}
      if($_POST['windows'] == null) {$reswin = 0;}  else {$reswin = $_POST['windows'];}
    //Check for errors
      if($_POST['naam'] == null) {echo "<span class=\"error\">Gelieve een naam in te vullen</span><br />";}
      if($_POST['opleiding'] == 0) {echo "<span class=\"error\">Selecteer een opleiding</span><br />";}
      if($resios > $ios) {$resios = $ios; echo "<span class=\"error\">Aantal iOS tablets overschreden. Maximum " . $ios . " tablets beschikbaar.</span><br />";}
      if($resand > $android) {$resand = $android; echo "<span class=\"error\">Aantal Android tablets overschreden. Maximum " . $android . " tablets beschikbaar.</span><br />";}
      if($reswin > $windows) {$reswin = $reswin; echo "<span class=\"error\">Aantal Windows tablets overschreden. Maximum " . $windows . " tablets beschikbaar.</span><br />";}
      if($resios < 0) {$resios = 0; echo "<span class=\"error\">Aantal tablets kan niet lager zijn dan 0!</span><br />";}
      if($resand < 0) {$resand = 0; echo "<span class=\"error\">Aantal tablets kan niet lager zijn dan 0!</span><br />";}
      if($reswin < 0) {$reswin = 0; echo "<span class=\"error\">Aantal tablets kan niet lager zijn dan 0!</span><br />";}
      if($_POST['terms'] != 'on') {echo "<span class=\"error\">Reglement moet aanvaard worden.</span><br />";}
      if($resios == 0 && $resand == 0 && $reswin == 0) {echo "<span class=\"error\">Er moet minstens 1 tablet gereserveerd worden</span>";}
      else {

//ESCAPE + INSERT
        $email = explode('@',$_POST['mail']);
        $maila = mysqli_real_escape_string($link,$email[0]);
        $opleiding = mysqli_real_escape_string($link,$_POST['opleiding']);
        $naam = mysqli_real_escape_string($link,$_POST['naam']);
        $datum = mysqli_real_escape_string($link,$datum);
        $resios = mysqli_real_escape_string($link,$resios);
        $resand = mysqli_real_escape_string($link,$resand);
        $reswin = mysqli_real_escape_string($link,$reswin);
        $opmerking = mysqli_real_escape_string($link,$_POST['opmerking']);

        $query = "INSERT INTO reservaties(oplid,naam,datum,ios,android,windows,emailname,opmerking) VALUES ('$opleiding','$naam','$datum','$resios','$resand', '$reswin','$maila', '$opmerking')";
        if(mysqli_query($link,$query)) {
          echo "<p class=\"succes\">U hebt succesvol " . $resios . " iOS-tablets, " . $resand . " Android-tablets en " . $reswin . " Windows-tablets gereserveerd op " . $disdate . "</p>";
          echo "<p>Een bevesting van uw reservatie via mail? <form style=\"display:inline;\" target=\"_blank\" action=\"print.php\" method=\"post\"><input type=\"text\" name=\"mail\" value=\"".$maila."\" />@arteveldehs.be <input type=\"hidden\" name=\"naam\" value=\"".$_POST['naam']."\"/><input type=\"hidden\" name=\"datum\" value=\"". $datum . "\"/><input type=\"submit\" name=\"print\" value=\"mail\"></form></p>";
        }


        else {
          echo "<p class=\"error\">Er is een fout opgetreden. Probeer opnieuw, of neem contact op met de <a href=\"mailto:mediatheek.kantienberg@arteveldehs.be\">Mediatheek</a>.</p>";}
        }
    }
    ?>
<!-- my form-->
<form action="#" method="post">
<table>
<tr><td colspan="3"><span class="required">*</span> = verplicht veld</td></tr>  
<tr><td>Naam:<span class="required">*</span></td><td><input type="text" name="naam" placeholder="Naam" /></td></tr>
<tr><td>Email:</td><td><input type="text" name="mail" placeholder="voornaam.naam" />@arteveldehs.be</td></tr>
<tr><td>Opleiding:<span class="required">*</span></td><td colspan="2"> 
<select name="opleiding">
<option value="0">Selecteer een opleiding</option>
<?php
$sql2 = "SELECT SUM(ios) as iostotal,SUM(android) as androidtotal,SUM(windows) as windowstotal FROM reservaties WHERE '$datum' = datum";
      $check2 = mysqli_query($link,$sql2) or die(mysql_error());         
        while ($free2 = mysqli_fetch_array($check2)) {
            $iosall = 16;
            $andall = 18;
            $winall = 20;
        $ios2 = $iosall - $free2['iostotal']; 
        $android2 = $andall - $free2['androidtotal'];
        $windows2 = $winall - $free2['windowstotal'];
        }
$opleidingen = "SELECT * FROM opleidingen";
$values = mysqli_query($link,$opleidingen) or die(mysql_error());
while ($row = mysqli_fetch_array($values)) {
$oplid = $row['oplid'];$opleiding = $row['opleiding'];
echo "<option value=\"".$oplid."\">".$opleiding."</option>";
}
?>
</select>
</td></tr>
<tr><td>Aantal iOS</td><td><input type="text" name="ios" placeholder="<?= $ios2;?>" ><span class="max">(maximum <?= $ios2;?> beschikbaar)</span></td></tr>
<tr><td>Aantal Android</td><td><input type="text" name="android" placeholder="<?= $android2;?>" ><span class="max">(maximum <?= $android2;?> beschikbaar)</span></td></tr>
<tr><td>Aantal Windows</td><td><input type="text" name="windows" placeholder="<?= $windows2;?>" ><span class="max">(maximum <?= $windows2;?> beschikbaar)</span></td></tr>
<tr><td>Opmerking:</td><td colspan="2"><textarea maxlength="512" rows="5" cols="50" name="opmerking" placeholder="Bv. Tijdstip van oppikken/terugbrengen - vraag aan de mediatheek - ..." ></textarea></td></tr></table>

<input type="checkbox" name="terms" value="on" /> Hiermee verklaar ik me akkoord met het <a target="_blank" href="reglement.php">reglement</a> dat geldt voor het gebruik van deze tablets.<span class="required">*</span>
<p><input type="submit" name="submit" value="Reserveer"/></p>
</form>
<?php }
?>

DATABASE预留

resid   int(9) PRIMARY KEY  
oplid   int(9)
naam    varchar(55) latin1_swedish_ci
datum   date
ios varchar(3)
android varchar(3)
windows varchar(3)
emailname
opmerking   varchar(512)    latin1_swedish_ci

3 个答案:

答案 0 :(得分:0)

试试这个,你错过了关闭" 

$query = "INSERT INTO `base` (`mail`,`name`) VALUES ('$maila','$name')";

答案 1 :(得分:0)

根据OP的original posted question

您的查询缺少引号:

$query = "INSERT INTO base(mail,name) VALUES ('$maila','$name') ;

                                             // right there  --^

做的:

$query = "INSERT INTO base(mail,name) VALUES ('$maila','$name')";

使用错误报告有助于显示错误 http://www.php.net/mysqli_error

由于没有抛出任何错误(在你身边),这告诉我你没有使用错误报告。

if (!mysqli_query($link,$query))
{
    die('Error: ' . mysqli_error($link));
}

这些or die(mysql_error())需要更改为or die(mysqli_error()),因为基于mysql_*mysqli_*的函数不会相互混合。

答案 2 :(得分:0)

您的查询字符串中遗漏了" 替换这一行:

$query = "INSERT INTO base(mail,name) VALUES ('$maila','$name');

由此:

$query = "INSERT INTO base(mail,name) VALUES ('$maila','$name')";
相关问题
最新问题