以下是我的代码。
if ( empty($_POST)) {
echo '<script type="text/javascript">
alert("Tricky, you must have left something empty. That is why you are now will be redirected to Main page. Try again ;)");
window.location.href ="index.php"</script>';
}else {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_id = $_POST['email_id'];
$your_info = $_POST['your_info'];
$title = $_POST['title'];
$feed_area = $_POST['feed_area'];
$remote_addr = $_SERVER['REMOTE_ADDR'];
$type = $_POST['type'];
if(!empty($first_name) || !empty($last_name) || !empty($email_id) || !empty($your_info) || !empty($title) || !empty($feed_area) || !empty($type))
{
echo '<div id="header">
<div id="middle_heading">Confirmed!!!</div></div>';
$dbc = mysqli_connect('localhost', 'root', '', 'feed_update');
$query = "INSERT INTO feed_info (id, first_name, last_name, email_id, your_info, title,type, feed_area, feed_date, remote_addr)" VALUES (0, '$first_name', '$last_name', '$email_id', '$your_info', '$title', '$type', '$feed_area', NOW(), '$remote_addr')";
mysqli_query($dbc, $query)
or die("<script type='text/javascript'>alert('query error alert');</script>");
mysqli_close($dbc);
echo '<script type="text/javascript">window.location.href ="index.php"</script>';
}else {
echo '<script type="text/javascript">
alert("Tricky, you must have left something empty. That is why you are now will be redirected to Main page. Try again ;)");
window.location.href ="index.php"</script>';
}
}
?>
注意:
答案 0 :(得分:-1)
得到答案,我的数据需要转义。 Short和Sweet使用mysql_real_escape_string
代表。
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']);
并且我知道您必须在思考,我使用mysqli但是,当我尝试mysqli_real_espace_string()时,它会显示错误。
抱歉,打扰你的人。