I have this code:
<form action="insert1.php" method="POST">
<p><input type="text" name="product" /></p>
<input type="submit" value="Add">
</form>
and
$mysqli = configuration();
$product = $_REQUEST['$product'];
$sql = "INSERT INTO Odiet (product) VALUES ('$product')";
if($mysqli ->query($sql)===TRUE){echo "ok";}
else{echo "not ok";}
$mysqli ->close();
It inserts an empty string with no text.
Please help. Thanks.
Answer 0 (score: 1)
Replace this string:
with this:
$product = $_REQUEST['$product'];
Answer 1 (score: -1)
I fixed only one mistake in your code; you need to write it like this:
$mysqli = configuration();
$product = $_REQUEST['product'];
$sql = "INSERT INTO Odiet (product) VALUES ('$product')";
if($mysqli ->query($sql)===TRUE){echo "ok";}
else{echo "not ok";}
$mysqli ->close();
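You get the value from the HTML form by the field's name, but without the dollar sign in front of it.
Note that your code is not secure. Don't put raw user data into SQL statements; use prepared statements instead.
Answer 2 (score: -1)
You should know which one to use; $_REQUEST poses a huge security risk to your database. Also use prepared statements.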
$sql = "INSERT INTO Odiet (product) VALUES (?)";
if ($stmt = $mysqli->prepare($sql)) {
    $stmt->bind_param("s", $_POST['product']);
    if ($stmt->execute()) {
        echo "ok";
    } else {
        echo "not ok";
    }
}
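Closing the database connection is also not really needed, because that is done automatically after the script finishes executing.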
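A complete version of the handler the answers converge on, as an added example that is not part of the original posts: it reads the field by its name, refuses a missing or empty value (the cause of the blank rows in the question), and binds the value as a parameter. It assumes PDO with an in-memory SQLite database in place of the page's mysqli connection so that it runs without a server; `insert_product` and `insert_product_concat` are hypothetical helper names and the sample inputs are constructed.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the page's mysqli
// connection (an assumption) so the script runs without a database server.
declare(strict_types=1);

// Hypothetical helper: validates the form field, then inserts it with a bound parameter.
function insert_product(PDO $db, array $post): string
{
    // The key is the input's name attribute ("product"), with no dollar sign.
    $product = $post['product'] ?? null;
    if (!is_string($product) || trim($product) === '') {
        return 'not ok: product missing or empty';   // never insert a blank row
    }
    // The ? placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO Odiet (product) VALUES (?)');
    return $stmt->execute([$product]) ? 'ok' : 'not ok';
}

// Hypothetical helper: the concatenated query from the question, kept only for comparison.
function insert_product_concat(PDO $db, string $product): string
{
    try {
        $db->exec("INSERT INTO Odiet (product) VALUES ('$product')");
        return 'ok';
    } catch (PDOException $e) {
        return 'not ok: ' . $e->getMessage();
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Odiet (product TEXT NOT NULL)');

// Constructed sample input standing in for $_POST.
$name = "Farmer's cheese";   // legitimate value containing an apostrophe

echo insert_product($db, ['$product' => 'x']), "\n";  // wrong key from the question: rejected
echo insert_product($db, ['product' => $name]), "\n"; // bound parameter: stored verbatim
echo insert_product_concat($db, $name), "\n";         // apostrophe ends the string literal early

// Show what actually reached the table.
foreach ($db->query('SELECT product FROM Odiet') as $row) {
    echo $row['product'], "\n";
}
```

With mysqli, the same checks go in front of the `prepare()` / `bind_param()` / `execute()` sequence shown in Answer 2.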