我的.php页面有问题。
adddata.php有一个允许用户向数据库提交某些数据的表单,但每次加载或刷新页面时,都会提交空表单(在数据库中创建一行空白值)。
我对PHP没什么经验,所以对任何新手错误提前道歉 - 这是代码:
<html>
<head>
<title>Project IPAM - Add Data</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="container" class="container" style="width:980px">
<?php
include('./templates/header.php');
include('./templates/dbconnect.php');
?>
<?php
if(isset($_POST['submit']))
{
$name = $_POST['address_v4'];
echo "Successful submitted";
}
?>
<div id="content" style="background-color:#ABCDEF;height:500px;width:980px">
<!-- This is a example submit form to add data to the database !-->
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form method="post" action="adddata.php">
<table width="" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Insert Data Into mySQL Database </strong></td>
</tr>
<tr>
<td>IP(v4)</td>
<td>:</td>
<td><input name="address_v4" type="text" id="address_v4" maxlength="15"></td>
</tr>
<tr>
<td>Hostname</td>
<td>:</td>
<td><input name="hostname" type="text" id="hostname" maxlength="32"></td>
</tr>
<tr>
<td>Type</td>
<td>:</td>
<td><select name="type">
<option value="static">Static</option>
<option value="dhcp">DHCP</option>
<option value="reserved">Reserved</option>
</td>
</tr>
<tr>
<td>Updated By</td>
<td>:</td>
<td><input name="updated_by" type="text" id="updated_by" maxlength="16"></td>
</tr>
<tr>
<td>Notes</td>
<td>:</td>
<td><input name="notes" type="text" id="notes" maxlength="128"></td>
</tr>
<tr>
<td>Location</td>
<td>:</td>
<td><textarea cols="17" rows="7" name="location" type="text" id="location" maxlength="64"></textarea></td>
</tr>
<tr>
<td>Default Gateway</td>
<td>:</td>
<td><input name="default_gateway" type="text" id="default_gateway" maxlength="15"></td>
</tr>
<tr>
<td>Subnet Mask</td>
<td>:</td>
<td><input name="subnet_mask" type="text" id="subnet_mask" maxlength="15"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
// Connect to the DB
include_once('./templates/dbconnect.php');
// Get values from form and checks whether values have been initilized using the isset() function.
$address=isset($_POST['address_v4']);
$hostname=isset($_POST['hostname']);
$type=isset($_POST['type']);
$updated_by=isset($_POST['updated_by']);
$notes=isset($_POST['notes']);
$location=isset($_POST['location']);
$default_gateway=isset($_POST['default_gateway']);
$subnet_mask=isset($_POST['subnet_mask']);
// Insert data into mysql
$sql="INSERT INTO $tbl_name(address_v4, hostname, type, updated_by, notes, location, default_gateway, subnet_mask)
VALUES('$address','$hostname','$type','$updated_by','$notes','$location','$default_gateway','$subnet_mask')";
if (!mysql_query($sql,$con))//
{
die('Error: ' . mysql_error());
}
mysql_close($con)
?>
</div>
<div id="footer" style="background-color:#FFA500;clear:both;text-align:center;">
Copyright © 2011 Richard Day
</div>
</div>
</body>
</html>
答案 0 :(得分:1)
isset()
检查是否设置了值并返回true
或false
。将其更改为:
if (isset($_POST['address_v4']))
{
// if the value does indeed exist, then prepare it to be used in an SQL query
// and assign it to the $address variable
$address = mysql_real_escape_string($_POST['address_v4']);
}
else
{
// if the value does not exist, then make the $address variable an
// empty string
$address = '';
}
您需要在查询中添加的其他变量也是如此。
答案 1 :(得分:0)
问题在于您正在检查是否设置了$ _POST变量,例如:
$address=isset($_POST['address_v4']);
isset
返回一个布尔值(true或false),而不是您要检查的变量中的数据。改变你的行是这样的:
$address=isset($_POST['address_v4']) ? mysql_real_escape_string($_POST['address_v4']) : '';
mysql_real_escape_string
有助于防止对您的网站进行SQL injection攻击。
修改
如果我理解正确,您还需要在运行数据库语句之前检查表单是否已实际提交,无论表单是否已提交,此时您运行该表单。从顶部的if(isset($_POST['submit']))
语句中移动文档底部的所有PHP代码,应将其排序。
if(isset($_POST['submit'])) {
$name = $_POST['address_v4'];
echo "Successful submitted";
// Now the code from the bottom, minus the database file include as you've already got that further up in the code
$address=isset($_POST['address_v4']) ? mysql_real_escape_string($_POST['address_v4']) : '';
// ...
答案 2 :(得分:0)
首先需要验证您的输入。
使用isset();
验证是否已设置,使用empty();
检查变量是否为空。使用&&
运算符一次执行多项检查。
将变量转换为适当的数据类型。在存储到数据库之前,使用mysql_real_escape_string();
转义输入。
使用post-redirect-get方法阻止刷新或重新加载时提交表单。