除生日和性别(分别是日期输入框和单选按钮)外,所有 POST 变量都是文本类型。 我输入的文本没有写入数据库,单选按钮和日期这两个表单字段也不起作用。
我尝试过去掉对性别和日期字段的安全过滤处理。
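// Look up the existing profile row for the current user; $result->num_rows below
// decides between UPDATE and INSERT.
// NOTE(review): $user is set outside this snippet and is interpolated directly into
// the SQL text here and in both write queries. Confirm it is escaped before it gets
// here; mysqli prepared statements with bound parameters would remove the dependence
// on escaping entirely.
$result = queryMysql("SELECT * FROM profiles WHERE user='$user'");

// Save only when every expected field was submitted.
// NOTE(review): 'status' is required here but never read or stored below. If the form
// has no field with that name, or no radio option is selected for 'gender' (browsers
// omit an unselected radio group from the POST body), this condition is false and
// nothing is written - confirm against the form markup.
if (isset(
    $_POST['text'],
    $_POST['forename'],
    $_POST['surname'],
    $_POST['city'],
    $_POST['state'],
    $_POST['status'],
    $_POST['occupation'],
    $_POST['birthday'],
    $_POST['gender']
))
{
    // sanitizeString() is defined elsewhere; the queries below rely on it to make each
    // value safe inside a quoted SQL literal - TODO confirm it escapes for SQL and not
    // only for HTML. Do not drop it for individual fields: every value here comes from
    // the request. Runs of whitespace are then collapsed to a single space.
    $text       = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['text']));
    $forename   = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['forename']));
    $surname    = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['surname']));
    $city       = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['city']));
    // Fixed: the original collapsed whitespace on the undefined $status and left
    // $state un-normalised.
    $state      = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['state']));
    $occupation = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['occupation']));
    // NOTE(review): birthday is not validated as a date. If the column is a DATE type,
    // an empty or malformed value may be rejected or stored as a zero date depending on
    // the server's SQL mode - confirm against the table definition.
    $birthday   = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['birthday']));
    // NOTE(review): gender is stored as submitted; consider checking it against the
    // fixed set of radio values the form offers.
    $gender     = preg_replace('/\s\s+/', ' ', sanitizeString($_POST['gender']));

    if ($result->num_rows)
    {
        queryMysql("UPDATE profiles SET text='$text', forename='$forename', surname='$surname',city='$city', state= '$state', occupation= '$occupation', birthday='$birthday',gender='$gender' WHERE user='$user'");
    }
    else
    {
        queryMysql("INSERT INTO profiles (user, text, forename, surname, city, state, occupation,birthday, gender) VALUES('$user', '$text', '$forename', '$surname', '$city', '$state','$occupation', '$birthday', '$gender')");
    }
}
else
{
    if ($result->num_rows)
    {
        // Nothing (or not everything) was submitted: show the stored profile instead.
        $row = $result->fetch_array(MYSQLI_ASSOC);
        $text       = stripslashes($row['text']);
        $forename   = stripslashes($row['forename']);
        $surname    = stripslashes($row['surname']);
        $city       = stripslashes($row['city']);
        $state      = stripslashes($row['state']);
        $occupation = stripslashes($row['occupation']);
        $birthday   = stripslashes($row['birthday']);
        $gender     = stripslashes($row['gender']);
    }
    else
    {
        // Fixed: the original chained the assignments with "||", which assigned boolean
        // false to every variable except $gender instead of an empty string.
        $text = $forename = $surname = $city = $state = $occupation = $birthday = $gender = "";
    }
}

// Final pass on the values: collapse whitespace runs and strip backslashes.
// NOTE(review): these variables are presumably echoed back into the page outside this
// snippet; HTML-encode them at the point of output - confirm there.
$text       = stripslashes(preg_replace('/\s\s+/', ' ', $text));
$forename   = stripslashes(preg_replace('/\s\s+/', ' ', $forename));
$surname    = stripslashes(preg_replace('/\s\s+/', ' ', $surname));
$city       = stripslashes(preg_replace('/\s\s+/', ' ', $city));
$state      = stripslashes(preg_replace('/\s\s+/', ' ', $state));
$occupation = stripslashes(preg_replace('/\s\s+/', ' ', $occupation));
$birthday   = stripslashes(preg_replace('/\s\s+/', ' ', $birthday));
$gender     = stripslashes(preg_replace('/\s\s+/', ' ', $gender));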
性别和生日变量无法写入数据库, 其他所有变量也都没有出现在数据库中。