我知道stackoverflow上有很多这样的问题,但没有一个卖掉了我的问题。
我正在制作活动日历,目前正在构建添加活动页面。提交页面时没有显示错误,但表单信息没有上传到数据库,我不知道为什么我检查了语法并且看不到任何错误。
*请求loginform.php和core.php请求显示$ _SESSION ['user_id']的位置。来自 码: loginform.php
<?php
$con = mysql_connect("localhost","pytsuemg_brodie","brodie");
$db = mysql_select_db("pytsuemg_brodie");
if (isset($_POST['username'])&&isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$password_hash =md5($password);
if (!empty($username)&&!empty($password)) {
$query="SELECT `AccountID` FROM `Parent` WHERE `Username`='$username' AND `Password`='$password_hash'";
if ($query_run = mysql_query($query)) {
$query_num_rows = mysql_num_rows($query_run);
if ($query_num_rows==0) {
echo 'Invalid username/password combination';
} else
if ($query_num_rows==1) {
$user_id = mysql_result($query_run,0,'AccountID');
$_SESSION['user_id']=$user_id;
header('Location: profilepage.php');
}
}
} else {
echo 'You must supply a username and password.';
}
}
?>
<form action="login.php" method="POST">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" value="Log In">
</form>
core.php
<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
function loggedin() {
if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
return true;
} else {
return false;
}
}
?>
addevent.php
require 'core.php';
$con=mysqli_connect("localhost","pytsuemg_brodie","brodie","pytsuemg_brodie");
if (isset($_POST['DateStart'])&&isset($_POST['DateEnd'])&&isset($_POST['TimeStart'])&&isset($_POST['TimeEnd'])&&isset($_POST['EventType'])&&isset($_POST['Description'])&&isset($_POST['Children'])&&isset($_POST['Location'])&&isset($_POST['MealsGiven'])){
$DateStart = $_POST['DateStart'];
$DateEnd = $_POST['DateEnd'];
$TimeStart = $_POST['TimeStart'];
$TimeEnd = $_POST['TimeEnd'];
$EventType = $_POST['EventType'];
$Description = $_POST['Description'];
$Children = $_POST['Children'];
$Location = $_POST['Location'];
$MealsGiven = $_POST['MealsGiven'];
if (!empty($DateStart)&&!empty($DateEnd)&&!empty($TimeStart)&&!empty($TimeEnd)&&!empty($EventType)&&!empty($Description)&&!empty($Children)&&!empty($Location)&&!empty($MealsGiven)){
$sql = "INSERT INTO Events (DateStart, DateEnd, TimeStart, TimeEnd, Location, EventType, MealsGiven, description,Children, AccountID) VALUES(
'$DateStart','$DateEnd','$TimeStart','$TimeEnd','$Location','$EventType','$MealsGiven','$Description','$Children','".$_SESSION['user_id']."')";
mysqli_query($con, $sql);
/* commit transaction */
if (!mysqli_commit($con)) {
print("Transaction commit failed\n");
exit();
}
} else {
echo'All fields are required';
}
}
/* close connection */
mysqli_close($con);
?>
<br>
<form action="addevent.php" method="post">
<p> Date:<label for="from"> From</label>
<input type="text" id="from" name="DateStart">
<label for="to">to</label>
<input type="text" id="to" name="DateEnd"></p>
<p>Start Time:<input type="text" name="TimeStart" /></p>
<p>End Time:<input type="text" name="TimeEnd" /></p>
<p>Event Type :
<select name="EventType">
<option value="Change over">Changeover</option>
<option value="Parents Evening">Parents Evening</option>
<option value="After School Activity">After School Activity</option>
<option value="Weekend Activity">Weekend Activity</option>
<option value="Holiday">Holiday</option>
</select> </p>
<p>Description (max 100 Characters) <br><textarea rows="2" cols="50" maxlength="100" name="Description"></textarea></p>
<p>Children Involved: <br><textarea rows="1" cols="50" maxlength="32" name="children"></textarea></p>
<p>Location: <input type="text" name="Location" /></p>
<p>Meals Given: <select name="MealsGiven">
<option value="Yes">Yes</option>
<option value="No">No</option>
</select></p>
<p><input type="submit" value="Submit"/></p>
</form>
答案 0 :(得分:0)
此name="children"和$_POST['Children']不一样。
您需要将其更改为name="Children"
POST变量区分大小写。
请密切关注Brad's comment (要认真对待)非常值得付出努力。
This article读得很好。
我注意到您使用md5()存储密码(根据您的loginform.php文件),这被视为“太快”。这不再被认为是安全的。考虑使用一些最新的密码存储技术,例如PHP的password_hash()函数(如果在PHP 5.5上)或crypt()
您的loginform.php文件使用mysql_*个功能,而addevent.php正在使用mysqli_*个功能。我建议您对所有文件使用相同的SQL函数,mysqli_*使用prepared statements或PDO。