用PHP编写程序时遇到问题

时间:2016-12-15 08:39:45

标签: php html mysql database xampp

我创建了两个表单,一个是注册表单,另一个是选择用户将要离开的日期。我在第二页中调用了用户的用户名..虽然我收到了它,但我收到一条消息“错误”,我的数据库上没有任何更新。这是我的第二页文件..我做错了什么?

<?php
session_start();
$EntryError=$ExitError="";
    if (isset($_POST['submit'])){
        $entrydate = $exitdate = "";
        $errorOccured = false;

        if (isset($_POST['tsmdate'])){
            $entrydate = trim($_POST['tsmdate']);
            if (strlen($entrydate) == 0){
                $EntryError = "date is missing";
                $errorOccured = true;
            }
        }
        else{
            $EntryError = "date is missing";
        }

        // checking for last name
        if (isset($_POST['tsmexit'])){
            $exitdate = trim($_POST['tsmexit']);
            if (strlen($exitdate) == 0){
                $ExitError = "First Name is missing";
                $errorOccured = true;
            }
        }
        else{
            $ExitError = "last Name is missing";
        }
        $ids=$_SESSION['tsmUserName'];
        var_dump($_SESSION);
        if(!$errorOccured){
            require_once("connection.php");
            $my_query="INSERT INTO timing (No, Entry Date and Time, Exit Date and Time, user_id) VALUES (NULL,'$EntryError','$exitdate','$ids')";
            $result=mysqli_query($connection,$my_query);
            if($result)
            {
                echo 'thank you';
            }
            else
            {
                echo 'error';
            }
            mysqli_close($connection);
        }
    }   
?>
<html>
<head>
</head>
<body>
<form name="dates" id="dates" method="POST" action="">
<table cellpadding="5" border="0" width="100%">
            <tr>
                <td colspan="3" align="center">
                <h1> select dates </h1>
                </td>
            </tr>

        <tr>
                <td width="30%" align="right">
                    <label for="tsmdate">Entry date and time</label>
                </td>
                <td align="left">
                    <input type="text" name="tsmdate" id="tsmdate" required="required">
                </td>
        </tr>
        <tr>
            <td width="30%" align="right">
                    <label for="tsmexit">Exit date and time</label>
                </td>
                <td align="left">
                    <input type="text" name="tsmexit" id="tsmexit" required="required">
                </td>
        </tr>

        <tr>
                <td colspan="2" align="center">
                    <input type="submit" name="submit" value="dates">
                </td>
            </tr>
        </table>
</form>
</body>
</html>

2 个答案:

答案 0 :(得分:1)

将INSERT查询更改为此

$my_query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL,'$EntryError','$exitdate','$ids')";

确保任何数据库字段名称在名称中都有空格,那么它应该在`(back tic)

之内

答案 1 :(得分:0)

由于列名中的空格,您的插入查询不是有效查询,我建议您将空格更改为“_”字符,这样您就不会遇到更多麻烦。如果你想保留空格,你必须使用“`”字符来转义列名。

示例

$query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL, '$EntryError', '$exitdate', '$ids')";

您的表单非常容易受到SQL注入的攻击,为了防止这种情况,您必须使用mysqli::real_escape_string函数来转义变量。

示例

$EntryError = mysqli_real_escape_string($connection, $EntryError);
$exitdate = mysqli_real_escape_string($connection, $exitdate);
$query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL, '$EntryError', '$exitdate', '$ids')";