我正在创建一个聊天系统,其中可以发送一条消息,该消息将存储在数据库中,可以检索到显示在收件箱中,现在当我尝试保存消息时,我无法将信息插入数据库。请帮忙
代码:
include("inc/header.inc.php");
if (isset($_GET['u'])) {
$username = mysql_real_escape_string($_GET['u']);
if (ctype_alnum($username)) {
//check user exists
$check = mysql_query("SELECT username FROM users WHERE username='$username'");
if (mysql_num_rows($check) === 1) {
$get = mysql_fetch_assoc($check);
$username = $get['username'];
//Check user isn't sending themself a private message
if ($username != $user) {
if (isset($_POST['submit'])) {
$msg_title = strip_tags($_POST['msg_title']);
$msg_body = strip_tags($_POST['msg_body']);
$date = date("Y-m-d");
$opened = "no";
$deleted = "no";
if ($msg_title == "Enter the message title here ...") {
echo "Please give your message a title.";
}
else if (strlen($msg_title) < 3) {
echo "Your message title cannot be less than 3 characters in length!";
}
else if ($msg_body == "Enter the message you wish to send ...") {
echo "Please write a message.";
}
else if (strlen($msg_body) < 3) {
echo "Your message cannot be less than 3 characters in length!";
}
else {
$send_msg = mysql_query("INSERT INTO pvt_messages (id, user_from, user_to, msg_body, date, opened) VALUES ('','$user','$username','$msg_title','$msg_body','$date','$opened','$deleted')");
echo "Your message has been sent!";
}
}
echo "
<form action='send_msg.php?u=$username' method='POST'>
<h2>Compose a Message to $username</h2>
<input type='text' name='msg_title' size='30' onClick=\"value=''\" value='Enter the message title here ...'><p />
<textarea cols='50' rows='12' name='msg_body' style='margin-left: 0px; margin-right: 0px; width: 305px;'>Enter the message you wish to send ...</textarea><p />
<input type='submit' name='submit' class='btn btn-primary' value='Send Message'>
</form>
";
}
else {
header("Location: $user");
}
}
}
}
可能是什么问题?
答案 0 :(得分:0)
U插入''进入“id”列 - 这不是错误的吗?使用try {} catch {}来检查是否有错误。并且不要使用strip_tags(而是使用filter_var或htmlentities)。阅读有关Sql注入的信息。
答案 1 :(得分:0)
我发现了我的错误,我插入的值比db中的实际列要多,所以我删除了VALUES()部分中不存在的列。
感谢您的选择,将尝试它们。
答案 2 :(得分:-1)
可能是错的,但是你不应该使用&#34; mysql_query(&#34; INSERT ......&#34;而不是&#34; $ send_msg = mysql_query(&#34; INSERT .. &#34;