`mysql_real_escape_string()`返回空的MySql字段

时间:2016-04-06 12:11:31

标签: php html mysql

我有一个HTML联系表单,允许用户在message输入字段中写下他想要的任何内容。此表单使用AJAX发布,并在下面的PHP中进行处理。

我的问题是我在MySql表中得到一个空行。

我只是想知道为什么$message = $_POST['message'];会返回正确的值,当$message = mysql_real_escape_string($_POST['message']);返回空字符串!!

我在这里缺少什么? 

  //posted data   
  $firstName  = mysql_real_escape_string($_POST['firstName']);
  $lastName   = mysql_real_escape_string($_POST['lastName']);
  $name       = $firstName. ' ' .$lastName ;
  $email      = mysql_real_escape_string($_POST['email']);
  $phone      = mysql_real_escape_string($_POST['phone']);
  $subject    = mysql_real_escape_string($_POST['subject']);
  $hear       = mysql_real_escape_string($_POST['hear']);
  $message    = mysql_real_escape_string($_POST['message']);


  $db_server = mysql_connect($db_hostname, $db_username, $db_password)


  // Check if is Duplicates
  $query_usercheck = " select * from `test` where Name='$name' and Email='$email' and Phone='$phone' and Subject='$subject' and Message='$message' "; //matching all fields
  $usercheck = mysql_query($query_usercheck) or die(mysql_error());
  $row_usercheck = mysql_fetch_assoc($usercheck);
  $totalRows_usercheck = mysql_num_rows($usercheck);

  if ( $totalRows_usercheck > 0 ) {
        $duplicate = 'Yes';
  } else {
        $duplicate = 'No';
        //adding application data to MySql database
        $add = mysql_query("INSERT INTO `test` (`Date`, `Day`, `Time`, `Name`, `Email`, `Phone`, `Subject`, `From`, `Message`)
        VALUES ('$date','$day','$time','$name','$email','$phone','$subject','$hear','$message')");
  }

// close mysql
mysql_close();

2 个答案:

答案 0 :(得分:4)

问题是您执行mysql_real_escape_string后连接到数据库。请在转义变量之前将连接移动到数据库。

更好的是,摆脱已弃用的mysql_*函数(在PHP7中甚至已经消失了)!使用mysqli甚至更好:将PDO与预准备语句一起使用为mysql_real_escape_string is not safe

答案 1 :(得分:2)

var query = _documentSession.Advanced.DocumentQuery<Order, OrdersIndexFields>() .UsingDefaultOperator(QueryOperator.And); query.WhereBetweenOrEqual(OrdersIndexFields.DeliveryInfo_DeliveryDateUtc, predicate.LocalDeliveryFrom.Value, predicate.LocalDeliveryTo.Value); query.OrElse().WhereBetweenOrEqual(OrdersIndexFields.EmptyOrderDoneDate, predicate.LocalDeliveryFrom.Value, predicate.LocalDeliveryTo.Value); query.WhereEquals(OrdersIndexFields.Status, predicate.Status); query .Skip(0).Take(1024) .ToArray(); 需要有效的数据库连接才能完成工作。您在调用它时尚未建立连接。

相关问题
最新问题