我已经为我的eshop编写了此代码,以便可以为自己销售的产品添加新的类别。有人可以告诉我我的代码是否正确,以便我可以上传吗?或者,如果有任何问题?您能告诉我,以便我修复它并使它正常工作吗?
<form action="" method="post" style="padding:80px;">
<b>Insert New Category:</b>
<input type="text" name="new_cat" required/>
<input type="submit" name="add_cat" value="Add Category" />
</form>
<?php
if(isset($_POST['add_cat'])){
$new_cat = $_POST['new_cat'];
$insert_cat = "insert into categories (cat_title) values ('$new_cat')";
$run_cat = mysqli_query($con, $insert_cat);
if($run_cat){
echo "<script>alert('New Category has been inserted!')</script>";
echo "<script>window.open('eshop.php?view_cats','_self')</script>";
}
}
?>
答案 0 :(得分:0)
使用它来防止Jonnix在评论中所说的SQL注入:
$new_cat = mysqli_real_escape_string($con, $_POST['new_cat']);