无法在mysql中插入任何字符串

时间:2014-07-18 15:53:45

标签: php mysql string insert

我在将字符串插入mysql时遇到问题。我可以插入数字,但不能插入字符串。任何人都可以看看这个吗?谢谢你的帮助。

我的表(剧集)看起来像

id  int(11) notnull          
serie   int(11) notnull          
name    varchar(255)    notnull          
comment varchar(255)    notnull          
embed   varchar(255)    notnull          

这是PHP代码:

<?php
require_once "config.php";

$connect = mysql_connect( "$db_host", "$db_user", "$db_pw") or die(mysql_error());  
mysql_select_db("$db_name") or die( mysql_error() );

if(isset($_POST['pridatdiel'])) {   
    mysql_query("INSERT INTO `episodes` (`id`, `serie`, `name`, `comment`, `embed`)
    VALUES ('', '$cisloserie', '$menodielu', '$popis', '$embed')");
    header("refresh: 0;");
}

function stripinput($text) {
    if (!is_array($text)) {
        $text = stripslash(trim($text));
        $text = preg_replace("/(&amp;)+(?=\#([0-9]{2,3});)/i", "&", $text);
        $search = array("&", "\"", "'", "\\", '\"', "\'", "<", ">", "&nbsp;");
        $replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;", " ");
        $text = str_replace($search, $replace, $text);
    } else {
        foreach ($text as $key => $value) {
            $text[$key] = stripinput($value);
        }
    }
    return $text;
}

if(isset($_POST['menodielu'])) {$menodielu = stripinput($_POST['menodielu']);}
if(isset($_POST['cisloserie'])) {$cisloserie = stripinput($_POST['cisloserie']);}
if(isset($_POST['popis'])) {$popis = stripinput($_POST['popis']);}
if(isset($_POST['embed'])) {$embed = stripinput($_POST['embed']);}

echo '    
  <form method="post">    
  meno dielu<input type="text" name="menodielu">       
  <select name="cisloserie">'; 
  $data = mysql_query("SELECT * FROM `series`") or die(mysql_error());   
  while($info = mysql_fetch_array( $data )) 
  {
  echo "<option value=".$info['serie_id'].">".$info['serie_id']."</option>";
  }
  echo '
  </select>     
  popis<input type="text" name="popis">        
  embed<input type="text" name="embed">      
  <input type="submit" value="pridať diel" name="pridatdiel">
  </form>
 ';
?>

1 个答案:

答案 0 :(得分:0)

您正在执行查询:

if(isset($_POST['pridatdiel'])) {   
    mysql_query("INSERT INTO `episodes` (`id`, `serie`, `name`, `comment`, `embed`)
    VALUES ('', '$cisloserie', '$menodielu', '$popis', '$embed')");
    header("refresh: 0;");
}

...在您初始化变量之前:

if(isset($_POST['menodielu'])) {$menodielu = stripinput($_POST['menodielu']);}
if(isset($_POST['cisloserie'])) {$cisloserie = stripinput($_POST['cisloserie']);}
if(isset($_POST['popis'])) {$popis = stripinput($_POST['popis']);}
if(isset($_POST['embed'])) {$embed = stripinput($_POST['embed']);}

MySQL正在查看一个为每个字段插入空值的查询。您应该打开PHP的错误报告级别,以便在您尝试使用未定义的变量时向您发出警告:

error_reporting(-1);

请使用PHP提供的mysql_real_escape_string()功能,而不是stripinput()。展望未来,您还应该避免使用已弃用的mysql扩展程序 - 使用PDOmysqli这两个扩展程序都支持预备语句。