我在将字符串插入mysql时遇到问题。我可以插入数字,但不能插入字符串。任何人都可以看看这个吗?谢谢你的帮助。
我的表(剧集)看起来像
id int(11) notnull
serie int(11) notnull
name varchar(255) notnull
comment varchar(255) notnull
embed varchar(255) notnull
这是PHP代码:
<?php
require_once "config.php";
$connect = mysql_connect( "$db_host", "$db_user", "$db_pw") or die(mysql_error());
mysql_select_db("$db_name") or die( mysql_error() );
if(isset($_POST['pridatdiel'])) {
mysql_query("INSERT INTO `episodes` (`id`, `serie`, `name`, `comment`, `embed`)
VALUES ('', '$cisloserie', '$menodielu', '$popis', '$embed')");
header("refresh: 0;");
}
function stripinput($text) {
if (!is_array($text)) {
$text = stripslash(trim($text));
$text = preg_replace("/(&)+(?=\#([0-9]{2,3});)/i", "&", $text);
$search = array("&", "\"", "'", "\\", '\"', "\'", "<", ">", " ");
$replace = array("&", """, "'", "\", """, "'", "<", ">", " ");
$text = str_replace($search, $replace, $text);
} else {
foreach ($text as $key => $value) {
$text[$key] = stripinput($value);
}
}
return $text;
}
if(isset($_POST['menodielu'])) {$menodielu = stripinput($_POST['menodielu']);}
if(isset($_POST['cisloserie'])) {$cisloserie = stripinput($_POST['cisloserie']);}
if(isset($_POST['popis'])) {$popis = stripinput($_POST['popis']);}
if(isset($_POST['embed'])) {$embed = stripinput($_POST['embed']);}
echo '
<form method="post">
meno dielu<input type="text" name="menodielu">
<select name="cisloserie">';
$data = mysql_query("SELECT * FROM `series`") or die(mysql_error());
while($info = mysql_fetch_array( $data ))
{
echo "<option value=".$info['serie_id'].">".$info['serie_id']."</option>";
}
echo '
</select>
popis<input type="text" name="popis">
embed<input type="text" name="embed">
<input type="submit" value="pridať diel" name="pridatdiel">
</form>
';
?>
答案 0 :(得分:0)
您正在执行查询:
if(isset($_POST['pridatdiel'])) {
mysql_query("INSERT INTO `episodes` (`id`, `serie`, `name`, `comment`, `embed`)
VALUES ('', '$cisloserie', '$menodielu', '$popis', '$embed')");
header("refresh: 0;");
}
...在您初始化变量之前:
if(isset($_POST['menodielu'])) {$menodielu = stripinput($_POST['menodielu']);}
if(isset($_POST['cisloserie'])) {$cisloserie = stripinput($_POST['cisloserie']);}
if(isset($_POST['popis'])) {$popis = stripinput($_POST['popis']);}
if(isset($_POST['embed'])) {$embed = stripinput($_POST['embed']);}
MySQL正在查看一个为每个字段插入空值的查询。您应该打开PHP的错误报告级别,以便在您尝试使用未定义的变量时向您发出警告:
error_reporting(-1);
请使用PHP提供的mysql_real_escape_string()
功能,而不是stripinput()
。展望未来,您还应该避免使用已弃用的mysql
扩展程序 - 使用PDO
或mysqli
这两个扩展程序都支持预备语句。