有很多这样的错误,但这是我的。
我有一个PHP票务类型表格,我想将信息插入MYSQL数据库。
这是PHP表单:
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8">
<title></title>
</head>
<body>
<form name="ticket-form" id="ticket-form" action="get_response.php" method="POST">
<p>Please provide your first name: <input type="text" name="firstName" id="firstName" placeholder="John" required></p>
<p>Please provide your last name: <input type="text" name ="lastName" id="lastName" placeholder="Smith" required></p>
<p>Please indicate if you are a company or a contractor:
<input type="radio" name="clientType" id="clientType" value="company">Company
<input type="radio" name="clientType" id="clientType" value="contractor" checked>Contractor</p>
<p>Please provide an email address: <input type="email" name="email" id="email" placeholder="John123@example.com"><br></p>
<p>Please provide a phone number if you'd prefer: <input type="text" name="number" id="number" max="13" placeholder="07654321234"><br></p>
<p>Please detail your query, going in to as much detail as possible: </p>
<textarea name="query" id="query" rows="8" cols="80" placeholder="Please detail the nature of your issue, going in to as much detail as possible."></textarea><br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
这是get_response.php
<?php
require_once("config.php");
require_once("index.php");
$datetime = new DateTime();
$datestring = $datetime->format('d-m-Y H:i:s');
$first_name = mysqli_real_escape_string($conn, $_POST['firstName']);
$second_name = mysqli_real_escape_string($conn, $_POST['lastName']);
$client_type = mysqli_real_escape_string($conn, $_POST['clientType']);
$email_address = mysqli_real_escape_string($conn, $_POST['email']);
$query = mysqli_real_escape_string($conn, $_POST['query']);
$phone_number = mysqli_real_escape_string($conn, $_POST['number']);
$sql = "INSERT INTO
tickets (first_name, second_name, client_type, email_address, phone_number, query)
VALUES
('$first_name', '$second_name', '$client_type', '$email_address', '$phone_number', '$query')";
if($conn->query($sql)){
echo "<p>Thank you for your email!</p>
<p> We aim to respond to your query as soon as possible.
Please allow 2 business days for a response and check spam folders.</p>";
}
else
{
die('There was an error running the query [' . mysqli_error($conn) . ']');
}
// else
// {
// echo "<p>Please supply valid information.</p>";
// }
mysqli_close($conn);
?>
php config.php
将表明与$ conn变量的连接成功,但可以消除此问题:
<?php
$servername = "xxxxx";
$username = "xxxxx";
$password = "xxxxx";
$dbname = "tickets";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
} ?>
php get_response.php
将空数据插入数据库。但是,该表单无法通过发布信息来工作。
我知道可能还有其他错误。我是PHP和MYSQL的新手。任何帮助深表感谢。预先感谢。
编辑:根据要求提供一些错误日志。这就是今天的全部内容。
[Fri Nov 01 12:24:51.342604 2019] [mpm_event:notice] [pid 673:tid 140589056359360] AH00489: Apache/2.4.38 (Ubuntu) configured -- resuming normal operations
[Fri Nov 01 12:24:51.343298 2019] [core:notice] [pid 673:tid 140589056359360] AH00094: Command line: '/usr/sbin/apache2'
Edit2:已解决,排序。
我尝试在常规的Mac OS X操作系统中重新制作表格,并且效果很好。虚拟盒子,它与现代OS X软件或某些个人配置的通信方式似乎都存在根本性的错误。尽管我可以在Linux命令行中连接到mysql,但是它无法通过该表单运行。
答案 0 :(得分:1)
在安装MS SQL Server时,我有20分钟的空闲时间,因此可以快速重构您的代码,以利用prepared statements减轻SQL注入攻击。它没有经过测试,所以可能存在一些小错误,但我忽略了,但我希望它会有用
<?php
$status=false;
if( $_SERVER['REQUEST_METHOD']=='POST' ){
$errors=array();
$args=array(
'firstName' => FILTER_SANITIZE_STRING,
'lastName' => FILTER_SANITIZE_STRING,
'clientType' => FILTER_SANITIZE_STRING,
'email' => FILTER_SANITIZE_STRING,
'query' => FILTER_SANITIZE_STRING,
'number' => FILTER_SANITIZE_STRING
);
foreach( array_keys( $args ) as $field ){
if( !isset( $_POST[ $field ] ) ) $errors[]=sprintf( 'The field "%s" is not set', $field );
}
foreach( $_POST as $field => $value ){
if( !in_array( $field, array_keys( $args ) ) )$errors[]=sprintf( 'Unknown field "%s"', $field );
}
if( empty( $errors ) ){
$_POST=filter_input_array( INPUT_POST, $args );
extract( $_POST );
require_once 'config.php';
require_once 'index.php';
$sql='insert into `tickets`
( `first_name`, `second_name`, `client_type`, `email_address`, `phone_number`, `query` )
values
( ?, ?, ?, ?, ?, ? )';
$stmt=$conn->prepare( $sql );
if( !$stmt )$errors[]='The SQL Prepared Statement failed';
$stmt->bind_param('ssssss', $firstName, $lastName, $clientType, $email, $query, $number );
$stmt->execute();
$status=$conn->affected_rows;
}
}
?>
<html lang='en' dir='ltr'>
<head>
<meta charset='utf-8'>
<title></title>
</head>
<body>
<form name='ticket-form' method='POST'>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
if( !empty( $errors ) ){
printf( '<pre>%s</pre>',print_r($errors,true) );
} else {
if( $status ){
echo "
<p>Thank you for your email!</p>
<p> We aim to respond to your query as soon as possible.
Please allow 2 business days for a response and check spam folders.</p>";
}
}
}
?>
<label>Please provide your first name: <input type='text' name='firstName' placeholder='John' required></label>
<label>Please provide your last name: <input type='text' name ='lastName' placeholder='Smith' required></label>
<label>
Please indicate if you are a company or a contractor:
<input type='radio' name='clientType' value='company'>Company
<input type='radio' name='clientType' value='contractor' checked>Contractor
</label>
<label>Please provide an email address: <input type='email' name='email' id='email' placeholder='John123@example.com'></label>
<label>Please provide a phone number if you'd prefer: <input type='text' name='number' id='number' max='13' placeholder='07654321234'></label>
<label>
Please detail your query, going in to as much detail as possible:
<textarea name='query' rows='8' cols='80' placeholder='Please detail the nature of your issue, going in to as much detail as possible.'></textarea>
</label>
<input type='submit' />
</form>
</body>
</html>