PHP script not adding MySQL data

Time: 2011-11-10 14:55:59

Tags: php mysql html

I am inserting the following form into a database with a primary key named index, so that all of the values are provided for them. What am I doing wrong that it won't add it? It doesn't give me an error message at all. Thanks for the help!

FORM:

<form action="addissue.php" method="POST">
  <table>
    <tr>
      <td>Date Issue Occurred:</td>
      <!--http://www.dynamicdrive.com/dynamicindex7/jasoncalendar.htm-->
      <td><script>DateInput('orderdate', true, 'DD-MON-YYYY')</script></td>
    </tr>
    <tr>
      <td>Please select the application affected:</td>
      <td><select name="application">
            <option value="default1">1</option>
            <option value="2">2</option>
          </select></td>
    </tr>
    <tr>
      <td>Start Time:</td>
      <td><input type="text" name="start" /></td>
    </tr>
    <tr>
      <td>End Time:</td>
      <td><input type="text" name="end" /></td>
    </tr>
    <tr>
      <td>Duration:</td>
      <td><input type="text" name="dur" /></td>
    </tr>
    <tr>
      <td>Service Level Affecting?</td>
      <td><input type="radio" name="sla" value="Yes" />Yes
          <input type="radio" name="sla" value="No" />No</td>
    </tr>
    <tr>
      <td>System State:</td>
      <td><select name="state">
            <option value="down">Down</option>
            <option value="degradated">Degradated</option>
            <option value="feature">Feature Broken</option>
          </select></td>
    </tr>
    <tr>
      <td>Issue Description:</td>
      <td><textarea name="issuedesc" rows="5" cols="90">Enter Issue Description Here.</textarea></td>
    </tr>
    <tr>
      <td>Resolution Description:</td>
      <td><textarea name="resdesc" rows="5" cols="90">Enter Resolution Description Here.</textarea></td>
    </tr>
    <tr>
      <td>Group Issue Is Assigned To:</td>
      <td><select name="group">
            <option value="default1">1</option>
            <option value="2">2</option>
          </select></td>
    </tr>
    <tr>
      <td><input type="submit" value="Submit"></td>
    </tr>
  </table>
</form>

Addissue.php

<?php

    include('db_loginreport.php');

    $con = mysql_connect($db_host, $db_username, $db_password);

    if(!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    $db_select = mysql_select_db($db_database);

    if(!$db_select)
    {
        die("Could not select the database. <br />".mysql_error());
    }

    $date = $_POST["orderdate"];
    $app = $_POST["application"];
    $starttime = $_POST["start"];
    $endtime = $_POST["end"];
    $duration = $_POST["dur"];
    $sysstate = $_POST["state"];
    $issdesc = $_POST["issuedesc"];
    $resdesc = $_POST["resdesc"];
    $assigned = $_POST["group"];

    $query = "Insert INTO issuetrack (date, app, starttime, endtime, duration, sla, sysstate,issdesc, resdesc, assigned)
              VALUES ($date, $app,$starttime,$endtime,$duration,$sysstate,$issdesc,$resdesc,$assigned)";

    $result = mysql_query($query);

    if(!$result)
    {
        die("Could not query the database:  <br />".mysql_error());
    }

?>

DB format:

#   Column     Type
1   index      int(11)
2   date       varchar(11)
3   app        varchar(50)
4   starttime  varchar(16)
5   endtime    varchar(16)
6   duration   varchar(5)
7   sla        varchar(3)
8   sysstate   varchar(20)
9   issdesc    varchar(2048)
10  resdesc    varchar(2048)
11  assigned   varchar(30)

2 answers:

Answer 0 (score: 4)

You have two problems. The insert is failing because your variables are not enclosed in quotes, like '$date', as shown here:

$query = "Insert INTO issuetrack (date, app, starttime, endtime, duration, sla, sysstate, issdesc, resdesc, assigned)
          VALUES ('$date', '$app', '$starttime', '$endtime', '$duration', '$sla', '$sysstate', '$issdesc', '$resdesc', '$assigned')";

Also note that you left the entry for $sla out of your query. I added it above.

Your second problem is that your script is open to tampering through SQL injection.

At the very least, you must escape all of these variables with mysql_real_escape_string(), even if it is only used for an internal application.

$date = mysql_real_escape_string($_POST["orderdate"]);
$app = mysql_real_escape_string($_POST["application"]);
$starttime = mysql_real_escape_string($_POST["start"]);
...
...
$resdesc = mysql_real_escape_string($_POST["resdesc"]);
$assigned = mysql_real_escape_string($_POST["group"]);
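As an added example that is not part of either answer, here is the same insert written against PDO with a prepared statement, which fixes both problems answer 0 raises at once: the driver handles the quoting, and the submitted values can never change the query text. It assumes db_loginreport.php defines the same $db_host, $db_username, $db_password and $db_database as the question's addissue.php, and the issuetrack table as described in the question.

```php
<?php
// Added example, not code from the question or either answer. Assumes
// db_loginreport.php sets $db_host, $db_username, $db_password, $db_database.
include('db_loginreport.php');

$dsn = "mysql:host=$db_host;dbname=$db_database;charset=utf8mb4";
$pdo = new PDO($dsn, $db_username, $db_password, [
    // Throw on errors instead of failing silently (the symptom in the question).
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    // Use real server-side prepared statements, not client-side emulation.
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Map table columns to form field names. Every column in the INSERT gets a
// value, including sla, which the original query left out.
$fields = [
    'date'      => 'orderdate',
    'app'       => 'application',
    'starttime' => 'start',
    'endtime'   => 'end',
    'duration'  => 'dur',
    'sla'       => 'sla',
    'sysstate'  => 'state',
    'issdesc'   => 'issuedesc',
    'resdesc'   => 'resdesc',
    'assigned'  => 'group',
];

$params = [];
foreach ($fields as $column => $postKey) {
    // A missing field binds NULL instead of raising an undefined-index notice.
    $params[':' . $column] = isset($_POST[$postKey]) ? $_POST[$postKey] : null;
}

// Named placeholders instead of interpolated variables: the values are sent
// separately from the SQL text, so quoting mistakes and injection both go away.
$sql = 'INSERT INTO issuetrack (date, app, starttime, endtime, duration, sla, sysstate, issdesc, resdesc, assigned)
        VALUES (:date, :app, :starttime, :endtime, :duration, :sla, :sysstate, :issdesc, :resdesc, :assigned)';

try {
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    echo 'Issue recorded.';
} catch (PDOException $e) {
    // Log the driver detail server-side; never echo raw errors to the browser.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Could not record the issue.';
}
```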

Answer 1 (score: 1)

This is incorrect:

$query = "Insert INTO issuetrack (date, app, starttime, endtime, duration, sla, sysstate,issdesc, resdesc, assigned)
          VALUES ($date, $app,$starttime,$endtime,$duration,$sysstate,$issdesc,$resdesc,$assigned)";

This is correct:

$query = "Insert INTO issuetrack (date, app, starttime, endtime, duration, sysstate,issdesc, resdesc, assigned)
          VALUES ('$date', '$app', '$starttime','$endtime','$duration','$sysstate','$issdesc','$resdesc','$assigned')";

The problem is that you were trying to put $sysstate into sla, $issdesc into sysstate, $resdesc into issdesc, $assigned into resdesc, and assigned was left empty.

Edit: updated to include the quotes.