我的表单值在此页面上打印,但它们未插入到我的页面中 数据库。我不知道出了什么问题?如果所有值都在打印 这意味着价值在这个特定的页面上达到但没有进入 database.Even数据库中的列是排序的,但它仍然没有 工作
<?php
include("connection.php");
if(isset($_POST['continue']))
{
echo $eta_type = $_POST['eta_type'];
echo $firstname = $_POST['firstname'];
echo $lastname = $_POST['lastname'];
echo $title1=$_POST['title1'];
echo $dob=$_POST['dob'];
echo $gender=$_POST['gender'];
echo $nationality=$_POST['nationality'];
echo $cob=$_POST['cob'];
echo $passportnumber=$_POST['passportnumber'];
echo $pid=$_POST['pid'];
echo $ped=$_POST['ped'];
echo $residence=$_POST['residence'];
echo $possesseta=$_POST['possesseta'];
echo $multipleentry=$_POST['multipleentry'];
echo $arrivaldate=$_POST['arrivaldate'];
echo $purpose=$_POST['purpose'];
echo $final_dest=$_POST['final_dest'];
echo $stay_days=$_POST['stay_days'];
echo $add1=$_POST['add1'];
echo $add2=$_POST['add2'];
echo $city=$_POST['city'];
echo $state=$_POST['state'];
echo $pscode=$_POST['pscode'];
echo $country=$_POST['country'];
echo $addlanka=$_POST['addlanka'];
echo $email=$_POST['email'];
echo $alternate_email=$_POST['alternate_email'];
echo $phone=$_POST['phone'];
echo $mobile=$_POST['mobile'];
echo $fax=$_POST['fax'];
$date1 = date('Y-m-d', strtotime($dob));
$date2 = date('Y-m-d', strtotime($pid));
$date3 = date('Y-m-d', strtotime($ped));
$date4 = date('Y-m-d', strtotime($arrivaldate));
$address=$add1.$add2;
$sql= "INSERT INTO
user(applicationtype,
surname,givenname,
title,dob,gender,nationality,
cob,passportnumber,pid,ped,
residenceinsrilanka,processeta,
multipleentryofsrilanka,intentedarrivaldate,
purposeofvisit,finaldestination,staydays,address,
city,state,postalcode,country,addinsrilanka,email,
alternateemail,telephonenos,mobilenos,faxnos)
VALUES('$eta_type','$lastname','$firstname','$title1',
'$date1','$gender','$nationality','$cob',
'$passportnumber','$date2','$date3','$residence',
'$possesseta','$multipleentry','$date4','$purpose',
'$final_dest','$stay_days','$address','$city',
'$state','$pscode','$country','$addlanka','$email',
'$alternate_email','$phone','$mobile','$fax')";
$query = mysqli_query($conn, $sql);
if($query)
{
header("Location: continue-to-pay.php?pno=$passportnumber");
}
else
{
echo "<h4 style='color:red'>Failed.</h4>";
}
}
?>
答案 0 :(得分:0)
令人难以置信的危险代码......
阅读一些有关查询注入的内容....
以这种方式传递的任何值都可能会破坏您的查询。
您需要使用mysqi_escape_string()