关于php字符串长度查询的问题

时间:2014-04-11 07:02:54

标签: php

bellow是一个将数据插入表中的脚本。我已经使用strlen()函数来检查字符串的长度,如果字符串的长度低于限制,它确实会返回错误,但它不会阻止查询向表中添加另一行。我怎样才能做到这一点。非常感谢你

<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
//VALUES
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')";

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }

//here is the part in question

if (strlen($ProductName) < 10) 
{  
    die('Error: ' . mysqli_error($sql));
}
echo "1 record added";

mysqli_close($con);
?>

2 个答案:

答案 0 :(得分:0)

你在插入后检查字符串的长度,你需要在插入之前进行检查,如下所示:

<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
// Check connection
if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

if (strlen($ProductName) < 10)
{
    die('Error: product name too short!');
}

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat,     product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";

if (!mysqli_query($con,$sql))
{
    die('Error: ' . mysqli_error($con));
}

//here is the part in question


echo "1 record added";

mysqli_close($con);
?>

编辑使用die不被视为最佳做法。更好的方法是将它(例如)包装在if语句中,如下所示:

<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
} elseif (strlen($ProductName) < 10) {
    echo 'Error: product name too short!';
} else {
    $sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
          VALUES
          ('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";

    if (!mysqli_query($con,$sql)) {
        echo 'Error: ' . mysqli_error($con);
    } else {
        echo "1 record added";
    }
}
mysqli_close($con);
?>

编辑2 根据您的评论,如果您想检查字符串是否不超过50个字符,您可以使用以下内容:

<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
} elseif (strlen($ProductName) < 10) {
    echo 'Error: product name too short!';
} elseif (strlen($ProductName) > 50) {
    echo 'Error: product name too long!';
} else {
    $sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
          VALUES
          ('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";

    if (!mysqli_query($con,$sql)) {
        echo 'Error: ' . mysqli_error($con);
    } else {
        echo "1 record added";
    }
}
mysqli_close($con);
?>

答案 1 :(得分:0)

脚本的顺序错误,逻辑需要如此:

<?php
$con=mysqli_connect("localhost","zxzxzx","zxzxzx","my_project");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
//VALUES
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')";

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";

// First thing is to ask your condition..

if (strlen($ProductName) < 10) 
{  
    die('Error: ' . mysqli_error($sql));
}

echo "1 record added";
if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }



mysqli_close($con);
?>

我建议您在查询中使用绑定参数以防止SQL注入。 PDO bindings

相关问题
最新问题