bellow是一个将数据插入表中的脚本。我已经使用strlen()函数来检查字符串的长度,如果字符串的长度低于限制,它确实会返回错误,但它不会阻止查询向表中添加另一行。我怎样才能做到这一点。非常感谢你
<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
//VALUES
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')";
$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
//here is the part in question
if (strlen($ProductName) < 10)
{
die('Error: ' . mysqli_error($sql));
}
echo "1 record added";
mysqli_close($con);
?>
答案 0 :(得分:0)
你在插入后检查字符串的长度,你需要在插入之前进行检查,如下所示:
<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if (strlen($ProductName) < 10)
{
die('Error: product name too short!');
}
$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
//here is the part in question
echo "1 record added";
mysqli_close($con);
?>
编辑使用die
不被视为最佳做法。更好的方法是将它(例如)包装在if
语句中,如下所示:
<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} elseif (strlen($ProductName) < 10) {
echo 'Error: product name too short!';
} else {
$sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";
if (!mysqli_query($con,$sql)) {
echo 'Error: ' . mysqli_error($con);
} else {
echo "1 record added";
}
}
mysqli_close($con);
?>
编辑2 根据您的评论,如果您想检查字符串是否不超过50个字符,您可以使用以下内容:
<?php
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} elseif (strlen($ProductName) < 10) {
echo 'Error: product name too short!';
} elseif (strlen($ProductName) > 50) {
echo 'Error: product name too long!';
} else {
$sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";
if (!mysqli_query($con,$sql)) {
echo 'Error: ' . mysqli_error($con);
} else {
echo "1 record added";
}
}
mysqli_close($con);
?>
答案 1 :(得分:0)
脚本的顺序错误,逻辑需要如此:
<?php
$con=mysqli_connect("localhost","zxzxzx","zxzxzx","my_project");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
//VALUES
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')";
$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num)
VALUES
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')";
// First thing is to ask your condition..
if (strlen($ProductName) < 10)
{
die('Error: ' . mysqli_error($sql));
}
echo "1 record added";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
?>
我建议您在查询中使用绑定参数以防止SQL注入。 PDO bindings