表单值未插入我的数据库

时间:2017-09-08 07:46:28

标签: javascript php html css mysql

我的表单值在此页面上打印,但它们未插入到我的页面中    数据库。我不知道出了什么问题?如果所有值都在打印    这意味着价值在这个特定的页面上达到但没有进入    database.Even数据库中的列是排序的,但它仍然没有    工作

 <?php
 include("connection.php");
 if(isset($_POST['continue']))
   {
echo $eta_type = $_POST['eta_type'];
echo     $firstname = $_POST['firstname'];
echo      $lastname = $_POST['lastname'];
echo     $title1=$_POST['title1'];
echo    $dob=$_POST['dob'];
echo    $gender=$_POST['gender'];                         
echo   $nationality=$_POST['nationality'];         
echo    $cob=$_POST['cob'];         
echo   $passportnumber=$_POST['passportnumber'];
echo  $pid=$_POST['pid'];                            
echo  $ped=$_POST['ped'];   
echo $residence=$_POST['residence']; 
echo  $possesseta=$_POST['possesseta'];
echo $multipleentry=$_POST['multipleentry'];
echo   $arrivaldate=$_POST['arrivaldate'];
echo   $purpose=$_POST['purpose'];
echo   $final_dest=$_POST['final_dest'];
echo   $stay_days=$_POST['stay_days'];
echo $add1=$_POST['add1'];
echo   $add2=$_POST['add2'];
echo    $city=$_POST['city'];
echo    $state=$_POST['state'];
echo   $pscode=$_POST['pscode'];
echo    $country=$_POST['country'];
echo   $addlanka=$_POST['addlanka'];
echo $email=$_POST['email'];
echo   $alternate_email=$_POST['alternate_email'];
echo   $phone=$_POST['phone'];
echo $mobile=$_POST['mobile'];
echo  $fax=$_POST['fax'];
$date1 = date('Y-m-d', strtotime($dob));
$date2 = date('Y-m-d', strtotime($pid));
$date3 = date('Y-m-d', strtotime($ped));
$date4 = date('Y-m-d', strtotime($arrivaldate));
$address=$add1.$add2;
$sql= "INSERT INTO 
user(applicationtype,
surname,givenname,
title,dob,gender,nationality,
cob,passportnumber,pid,ped,
residenceinsrilanka,processeta,
multipleentryofsrilanka,intentedarrivaldate,
purposeofvisit,finaldestination,staydays,address,
city,state,postalcode,country,addinsrilanka,email,
alternateemail,telephonenos,mobilenos,faxnos) 
VALUES('$eta_type','$lastname','$firstname','$title1',
'$date1','$gender','$nationality','$cob',
'$passportnumber','$date2','$date3','$residence',
'$possesseta','$multipleentry','$date4','$purpose',
'$final_dest','$stay_days','$address','$city',
'$state','$pscode','$country','$addlanka','$email',
'$alternate_email','$phone','$mobile','$fax')";
 $query = mysqli_query($conn, $sql);
 if($query)
    {
      header("Location: continue-to-pay.php?pno=$passportnumber");
    }
    else
    {
        echo "<h4 style='color:red'>Failed.</h4>";
    }
   } 
   ?>

1 个答案:

答案 0 :(得分:0)

令人难以置信的危险代码......

阅读一些有关查询注入的内容....

以这种方式传递的任何值都可能会破坏您的查询。

您需要使用mysqi_escape_string()

来转义您的值

http://php.net/manual/fr/mysqli.real-escape-string.php

相关问题
最新问题