Php联系表单插入Mysql

时间:2014-06-27 22:11:25

标签: php html mysql forms

最后编辑:现在一切正常都会发布在工作代码之下,清理后就像idealcastle说的那样修复了一些语法错误一切正常,因为它应该与javascript验证一起谢谢大家

HTML代码:

<form name = "contact " id="contact_form" action="postcontact.php" method="post" onsubmit="return validateForm();">
                <div id ="boxc">
                    <h3>Porosia juaj ?</h3>
                    <input name="orders" type="checkbox" value="veshje">Veshje
                    <input name="orders" type="checkbox" value="mbathje">Mbathje
                    <input name="orders" type="checkbox" value="stoli">Stoli
                </div>
                <div class="row">
                    <label class="required" for="name" >Emri:</label><br />
                    <input id="name" name="name" type="text" value="" size="30" placeholder = "Emri"/><br />
                    <span id="name_validation" class="error"></span>
                </div>
                <label class="required"  >Country/State:</label><br />
                <div class = "row"id="statecmb"><select name = "state">
                     <option value="chose" selected>[choose yours]</option>
                    <option value="albania">Albania</option>
                    <option value="kosovo">Kosovo</option>
                    <option value="germany">Germany</option>
                    <option value="bangladesh">Bangladesh</option>

                </select>
                <span id="state_validation" class="error"></span></div>
                <div class="row">
                    <label class="required" for="email" >Email:</label><br />
                    <input id="email" name="email" type="text" value="" size="30"placeholder = "Email" /><br />
                    <span id="email_validation" class="error"></span>
                </div>
                <div class="row">
                    <label class="required" for="message" >Mesazhi:</label><br />
                    <textarea id="message" name="message" rows="7" cols="30" placeholder = "Mesazhi"></textarea><br />
                    <span id="message_validation" class="error"></span>
                </div>

                <input name="submit" id = "sub"type="submit" value="Submit" />
                <div class="rating">
                    <h3>Vlerso Sherbimin :</h3>
                    <input type="radio" name="rate" value="1">1
                    <input type="radio" name="rate"value="2">2
                    <input type="radio" name="rate" value="3">3
                    <input type="radio"name="rate" value="4">4
                    <input type="radio" name="rate" value="5">5
                </div>
            </form>

Javascript文件:

function validateForm() {
    var valid = 1;
    var email = document.getElementById('email');
    var email_validation = document.getElementById("email_validation");
    var name = document.getElementById('name');
    var name_validation = document.getElementById("name_validation");
    var message_validation = document.getElementById("message_validation");
    var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;

    if (name.value === "") {
        valid = 0;
        name_validation.innerHTML = "Ju lutem shenoni emrin tuaj";
        name_validation.style.display = "block";
        name_validation.parentNode.style.backgroundColor = "#FFDFDF";
    } else {
        name_validation.style.display = "none";
        name_validation.parentNode.style.backgroundColor = "transparent";
    }

    if (message.value === "") {
        valid = 0;
        message_validation.innerHTML = "Ju lutem plotesoni fushen e mesazhit";
        message_validation.style.display = "block";
        message_validation.parentNode.style.backgroundColor = "#FFDFDF";
    } else {
        message_validation.style.display = "none";
        message_validation.parentNode.style.backgroundColor = "transparent";
    }

    if (email.value === "") {
        valid = 0;
        email_validation.innerHTML = "Ju lutem shenoni email tuaj";
        email_validation.style.display = "block";
        email_validation.parentNode.style.backgroundColor = "#FFDFDF";
    } else {
        email_validation.style.display = "none";
        email_validation.parentNode.style.backgroundColor = "transparent";
    }

    if (!filter.test(email.value)) {
        valid = 0;
        email_validation.innerHTML = "Email juaj nuk eshte valid";
        email_validation.style.display = "block";
        email_validation.parentNode.style.backgroundColor = "#FFDFDF";
    } else {
        email_validation.style.display = "none";
        email_validation.parentNode.style.backgroundColor = "transparent";
    }
    if (!valid)
        alert("KENI ERROR : Fushat duhen te plotesohen ");

}

PHP FIle:

<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'herdesigns';
$con = mysqli_connect($host, $user, $pass,$db) or die(mysqli_error());
/* mysqli_select_db($con , $db); */
?>

<?php

if (isset($_POST['submit']))
{
$name = mysqli_real_escape_string($con, $_POST['name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$message = mysqli_real_escape_string($con, $_POST['message']);
$rate = mysqli_real_escape_string($con, $_POST['rate']);
$orders = mysqli_real_escape_string($con, $_POST['orders']);
$state = mysqli_real_escape_string($con, $_POST['state']);
/*$con = mysqli_connect($host, $user, $pass,$db) or die(mysqli_error());*/
/*mysqli_select_db($con , $db);*/
$sql = "INSERT INTO contacts (
orders,
name,
state,
email,
message,
rate
)
VALUES (
'$orders',
'$name',
'$state',
'$email',
'$message',
'$rate'
)";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "Mesazhi juaj eshte postuar me sukses";
header('Location:contact.php');

mysqli_query($con, $sql);

mysqli_close($con);
}
?>

2 个答案:

答案 0 :(得分:0)

修改 NOW()也在哪个领域?

如果没有实际字段要发送该日期时间,我会删除它。或者为其添加一个字段。尝试提交没有NOW的Mysql()它看起来像

$sql = "INSERT INTO contacts (
            name,
            email,
            message,
            rate,
            orders,
            state
        )
        VALUES (
            '$name',
            '$email',
            '$message',
            '$rate',
            '$orders', 
            '$state'
        )";

首先我注意到的是PHP代码正在浏览器中显示。如果您被发送到文件://这是不好的,您应该使用

http//localhost/ 

(如果您在本地进行测试)或当然使用服务器URL(如果是。)

在这里找到了 Browser is showing PHP code instead of processing it

<强>第二下, 你应该清理你输入的mysql数据。如果这些值中的任何一个用单/双引号提交内容,则mysql查询将失败。

由于您使用的是旧的mysql函数,因此这里应该使用的转义函数

 mysql_real_escape_string()

我会这样做,

 $sql = "INSERT INTO contacts (
            name,
            email,
            message,
            rate,
            orders,
            state
        )
        VALUES (
            '".mysql_real_escape_string($name)."',
            '".mysql_real_escape_string($email)."',
            '".mysql_real_escape_string($message)."',
            '".mysql_real_escape_string($rate)."',
            '".mysql_real_escape_string($orders)."', 
            '".mysql_real_escape_string($state)."',
            NOW()
        )";

我不确定这些是否是其中任何一个原因,但它们是你发布的内容的危险信号。您应该始终清理(转义)来自崩溃的mysql查询的任何输入。

答案 1 :(得分:0)

它可能是validform.php上的错误代码500。

请在firefox上安装firefug,它会为您节省大量时间。键入[F12]重新加载页面,网络选项卡将显示错误代码。

另外,您需要通过网络服务器获取此页面:http://localhost/dir/file而不是c://shittyos_amp/dir/thing.php

另外,您应该使用PDO的API进行连接,并且每次使用DB作为pdo-&gt; prepare的请求都将为您轻松保护请求。

不要担心它很容易! 见PHP: Is mysql_real_escape_string sufficient for cleaning user input?

不要说你不需要安全性:如果用户在其中键入sql命令,此输入表单可能会删除您的数据库!

如果文件是客户端执行的,它将永远不会保护任何事情,因为用户可以禁用JS。

注意:我仍然认为自己是一个菜鸟(这是我在这里的第一个答案!),永远不要忘记网络的日常移动,作为安全。后端和前端是服务器端它是一个应用程序的观点:前端=友好接口(代码)后端= api(硬/或低级代码)

PS:Flash是丑陋而过时的,Adobe产品并不像自由那样自由,而且他们的云很糟糕^^(巨魔关闭)

是你的吗? http://www.her-design.com/