Hi, I created an RSVP form using Bootstrap and PHP. I am new to PHP and database connections, so I just want to confirm that I did it correctly: am I using the correct syntax, and is it safe from hacker attacks (SQL injection) and so on? Thanks.
Here is my PHP:
<?php
$servername = "rsvp.db";
$username = "******";
$password = "******";
$dbname = "rsvp";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Trim whitespace, strip backslashes and HTML-encode a submitted value
function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

if (isset($_POST["submit"])) {
    $serverrsvp = test_input($_POST["formrsvp"]);
    // The checkbox is only present in $_POST when it was ticked, so fall back
    // to an empty string instead of raising an undefined-index notice
    $serverattend = test_input($_POST["formattend"] ?? "");
    $serverfullname = test_input($_POST["formfullname"]);
    $serveremail = test_input($_POST["formemail"]);
    $serverguests = test_input($_POST["formguests"]);
    $serverguestnames = test_input($_POST["formguestnames"]);
    $serverextras = test_input($_POST["formextras"]);

    // Escape each value for use inside a quoted SQL string literal
    $serverrsvp = mysqli_real_escape_string($conn, $serverrsvp);
    $serverattend = mysqli_real_escape_string($conn, $serverattend);
    $serverfullname = mysqli_real_escape_string($conn, $serverfullname);
    $serveremail = mysqli_real_escape_string($conn, $serveremail);
    $serverguests = mysqli_real_escape_string($conn, $serverguests);
    $serverguestnames = mysqli_real_escape_string($conn, $serverguestnames);
    $serverextras = mysqli_real_escape_string($conn, $serverextras);

    $sql = "INSERT INTO rsvp (dbrsvp, dbattend, dbfullname, dbemail, dbguests, dbguestnames, dbextras)
            VALUES ('$serverrsvp', '$serverattend', '$serverfullname', '$serveremail', '$serverguests', '$serverguestnames', '$serverextras')";

    if ($conn->query($sql) === TRUE) {
        echo "<script type='text/javascript'>alert('Thank you for your RSVP');</script>";
    } else {
        // json_encode() yields a valid JavaScript string literal, so quotes or
        // newlines in the driver message cannot break out of the alert() call;
        // the SQL text itself is not shown to the visitor
        echo "<script type='text/javascript'>alert(" . json_encode("Error: " . $conn->error) . ");</script>";
    }
    $conn->close();
}
?>
Here is my HTML:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
    <div class="radio">
        <label>Attending Wedding:<br>
            <input type="radio" name="formrsvp" value="Yes" aria-label="..." checked>Yes, because I'm awesome! <br>
            <input type="radio" name="formrsvp" value="No" aria-label="...">No, because I wish I was cooler... <br>
        </label>
    </div>
    <div class="checkbox">
        <label>Attending Friday Also?<br>
            <input type="checkbox" value="Friday" name="formattend">Friday: Rehearsal Dinner & Beach Party <br>
        </label>
    </div>
    <div class="form-group">
        <label for="formfullname">Full Name:</label>
        <input required type="text" id="formfullname" name="formfullname" class="form-control" placeholder="Please enter your full name">
    </div>
    <div class="form-group">
        <label for="formemail">Email Address:</label>
        <input required type="email" id="formemail" name="formemail" class="form-control" placeholder="Please enter your email address">
    </div>
    <div class="select">
        <label>Any Extra Guests:</label>
        <select name="formguests" class="form-control">
            <option value="0">0</option>
            <option value="1">1</option>
            <option value="2">2</option>
            <option value="3">3</option>
            <option value="4">4</option>
            <option value="5">5</option>
        </select>
    </div>
    <div class="textarea">
        <label>Guest Names:</label>
        <textarea name="formguestnames" class="form-control" rows="6" placeholder="Please enter the full name of any extra guests joining you..."></textarea>
    </div>
    <div class="textarea">
        <label>Anything of Note:</label>
        <textarea name="formextras" class="form-control" rows="10" placeholder="Please enter any specific information for the bride and groom, such as vegetarian guests, allergies, etc. If info is specific to a guest, please enter their name as well as info..."></textarea>
    </div>
    <br>
    <button type="submit" value="Submit" name="submit" class="btn btn-default">Submit</button>
</form>
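For comparison, here is the same INSERT written with a mysqli prepared statement and server-side validation. This is an added example, not the poster's code; it reuses the table and column names from the question, and the `pick_allowed()` helper is hypothetical. The connection values are the placeholders from the question.

```php
<?php
// Added example: user input is passed to MySQL as bound parameters, never
// concatenated into the SQL text. Values are stored raw; htmlspecialchars()
// belongs where they are later displayed, not before they are saved.
$conn = new mysqli("rsvp.db", "******", "******", "rsvp");
if ($conn->connect_error) {
    die("Connection failed"); // driver details stay out of the visitor's page
}
// Declare the connection charset so escaping and binding agree with the server
$conn->set_charset("utf8mb4");

// Hypothetical helper: restrict fixed-choice fields to the values the form offers
function pick_allowed(string $value, array $allowed, string $default): string {
    return in_array($value, $allowed, true) ? $value : $default;
}

if (isset($_POST["submit"])) {
    $rsvp       = pick_allowed($_POST["formrsvp"] ?? "", ["Yes", "No"], "No");
    $attend     = isset($_POST["formattend"]) ? "Friday" : ""; // checkbox absent when unticked
    $guests     = pick_allowed($_POST["formguests"] ?? "0", ["0", "1", "2", "3", "4", "5"], "0");
    $fullname   = trim($_POST["formfullname"] ?? "");
    $email      = trim($_POST["formemail"] ?? "");
    $guestnames = trim($_POST["formguestnames"] ?? "");
    $extras     = trim($_POST["formextras"] ?? "");

    // Server-side checks: the HTML "required" attribute is a hint, not a guarantee
    if ($fullname === "" || strlen($fullname) > 100
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        http_response_code(400);
        exit("Please provide your name and a valid email address.");
    }

    $stmt = $conn->prepare(
        "INSERT INTO rsvp (dbrsvp, dbattend, dbfullname, dbemail, dbguests, dbguestnames, dbextras)
         VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    // One "s" per placeholder: each value travels as a string, separately from the SQL
    $stmt->bind_param("sssssss", $rsvp, $attend, $fullname, $email, $guests, $guestnames, $extras);

    if ($stmt->execute()) {
        echo "<script>alert('Thank you for your RSVP');</script>";
    } else {
        error_log("rsvp insert failed: " . $stmt->error); // details go to the server log
        echo "<script>alert('Sorry, your RSVP could not be saved.');</script>";
    }
    $stmt->close();
    $conn->close();
}
```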