我的PHP脚本没有处理我的Html变量。
<form method="post" action="mod3_Variables.php">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Variable One</td>
<td><input name="VariableArray[]" type="text" id="VariableArray[]" required oninvalid="this.setCustomValidity('You must enter a variable')" onchange="this.setCustomValidity('')" pattern="[a-zA-Z]+" title="Only letters are allowed here"></td>
</tr>
<tr>
<td width="100">Variable Two</td>
<td><input name="VariableArray[]" type="text" id="VariableArray[]" required oninvalid="this.setCustomValidity('You must enter a variable')" onchange="this.setCustomValidity('')" pattern="[a-zA-Z]+" title="Only letters are allowed here"></td>
</tr>
<tr>
<td width="100">Variable Three</td>
<td><input name="VariableArray[]" type="text" id="VariableArray[]" required oninvalid="this.setCustomValidity('You must enter a variable')" onchange="this.setCustomValidity('')"" pattern="[a-zA-Z]+" title="Only letters are allowed here"></td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="find" type="submit" id="add" value="Insert New Record">
</td>
</tr>
</table>
</form>
这是继续返回我的else语句的PHP。
<?php
$VariableArray= filter_input(INPUT_POST, 'VariableArray', FILTER_SANITIZE_STRING);
$sql= "INSERT INTO employees (VariableArray)
VALUES ('$VariableArray')";
$result = mysqli_query($con, $sql);
$sql = "SELECT * from employees WHERE VariableArray = $VariableArray LIMIT 1";
$result = mysqli_query($con, $sql);
if ($result) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "<b> These Are Your Variables in Alphabetical Order:</b><br>";
echo "<b>Variables: " . $row["VariableArray"]. "</b><br>";
}
} else {
echo "Sorry there are no matches! Please check your entry and try again.";
}
上面是我继续收到的else语句,我没有得到实际的数组表单值。
mysqli_close($con);
?>
如果有人知道为什么信息没有被处理,我将非常感谢您的帮助。
答案 0 :(得分:0)
看起来你非常接近。一些事情。
id="VariableArray[]"
所有都需要独一无二。元素ID不能具有相同的引用。
id="var1"
id="var2"
id="var3"
在这种情况下或者你喜欢的任何东西都可以,它们可以是相同的,并且在整个页面上应该是唯一的。同样在你的第3个输入上你有一个额外的双引号
onchange="this.setCustomValidity('')""
应该是:
onchange="this.setCustomValidity('')"
最后你使用的sql非常容易受到攻击,主要是过滤后的sql注入。查看PDO或mysqli准备的语句,以帮助解决这个问题。您还尝试将数组存储到数据库中,而当前的形式是不可能的。
$ VariableArray
假设列&#39; VariableArray&#39;在你的数据库需要字符串,你需要将其转换为字符串,最简单的方法是使用implode。
$var_string = implode(',', $VariableArray);
然后将$ var_string存储在&#39; VariableArray&#39;柱。当您从数据库中检索它时,您可以直接将其放回到数组中
$VariableArray = explode(',', $var_string);
编辑:如果我没有使用函数,这就是我准备语句的方法。它应该工作但是还没有能够测试它。它还按字母顺序对数组进行排序。
<?php
$vars = $_POST['VariableArray'];
asort($vars);
$str_var = implode(',', $vars);
$mysqli = new mysqli($host, $user, $pass, $db_name);
if ($mysqli->connect_errno) {
echo "Error MySQLi: (" . $mysqli->connect_errno. ") " . $mysqli->connect_error;
}else{
$sql = "INSERT INTO `employees` (`VariableArray`) VALUES (?)";
if($stmt = $mysqli->prepare($sql)){
$stmt->bind_param("s", $str_var);
if($stmt->execute()){
// call select
$stmt->close();
$sql = "SELECT `VariableArray` FROM `employees` WHERE `VariableArray` = ? LIMIT 1";
if($stmt = $this->DAL->mysqli->prepare($sql)){
$stmt->bind_param('s', $str_var);
if($stmt->execute()){
$stmt->bind_result($variable_string);
$stmt->store_result();
if ($stmt->fetch()) {
echo "<b> These Are Your Variables in Alphabetical Order:</b><br>";
echo "<b>Variables: " . htmlspecialchars($variable_string). "</b><br>";
$stmt->close();
}else{
echo 'Failed to find ' . htmlspecialchars($str_var);
}
}else{
// testing only would echo a generic message if it was displayed to users
echo 'Failed to execute select query | ' . $mysqli->error;
}
}else{
// testing only would echo a generic message if it was displayed to users
echo 'SQL Statement select failed | ' . $mysqli->error;
}
}else{
// testing only would echo a generic message if it was displayed to users
echo 'Failed to execute insert query | ' . $mysqli->error;
}
}else{
// testing only would echo a generic message if it was displayed to users
echo 'SQL Statement insert failed | '.$mysqli->error;
}
}
?>
答案 1 :(得分:0)
这是获取$ _POST变量的一种方法,并且正如我所读到的那样,没有像你想要的爆炸数组的过滤器。 您可以执行类似的操作并更改此代码
$VariableArray= filter_input(INPUT_POST, 'VariableArray', FILTER_SANITIZE_STRING);
到这个
$VariableArray= filter_input(INPUT_POST, 'VariableArray', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
$string = '';
foreach($VariableArray as $v)
$string .= "$v,";
$VariableArray = substr($string, 0, -1);
它将使用逗号删除它们之间的值
完整代码:
if (isset($_POST['find'])) {
$VariableArray= filter_input(INPUT_POST, 'VariableArray', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
$string = '';
foreach($VariableArray as $v)
$string .= "$v,";
$VariableArray = substr($string, 0, -1);
$sql = "INSERT INTO `employees` (VariableArray) VALUES ('$VariableArray')";
$query = mysqli_query($con, $sql);
if ($query) {
$sql = "SELECT * from `employees` WHERE VariableArray = '$VariableArray' LIMIT 1";
$query = mysqli_query($con, $sql);
// output data of each row
while($row = mysqli_fetch_assoc($query)) {
echo "<b> These Are Your Variables in Alphabetical Order:</b><br>";
echo "<b>Variables:<br />";
$row["VariableArray"] = explode(',', $row["VariableArray"]);
sort($row["VariableArray"]);
foreach ($row["VariableArray"] as $k => $v)
echo $k.' => '.$v.'<br />';
echo "</b><br>";
}
} else {
echo "Sorry there are no matches! Please check your entry and try again.";
}
}
答案 2 :(得分:0)
filter_input获取外部变量并对其进行过滤,但我相信您正在寻找的是filter_var_array,它会获取多个变量并对其进行过滤。
https://www.w3schools.com/php/php_ref_filter.asp
这就是我开始工作的方式:
// Check if variable array has been POSTed
if (isset($_POST['VariableArray'])) {
$post = $_POST['VariableArray'];
$VariableArray= filter_var_array($post, FILTER_SANITIZE_STRING);
}
foreach ($VariableArray as $value) {
// Insert into SQL individually
}