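This is a sample of the code I'm using. I use a modified version of this code for another page of mine. The other page uses a text box instead of a textarea. The text box version works fine. When I click submit, it just returns to the current page with the textarea cleared, and nothing is added to the database. What am I doing wrong?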
<? function renderForm($words, $type, $error){ ?>
<?php if ($error != '') { echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>'; } ?>
<form action="" method="post">
<select name="type">
<option value="intro">Intro</option>
<option value="phrase">Phrase</option>
<option value="phrase2">Phrase2</option>
<option value="phrase3">Phrase3</option>
<option value="phrase4">Phrase4</option>
<option value="phrase5">Phrase5</option>
<option value="phrase6">Phrase6</option>
<option value="phrase7">Phrase7</option>
<option value="phrase8">Phrase8</option>
<option value="phrase9">Phrase9</option>
<option value="phrase10">Phrase10</option>
<option value="phrase11">Phrase11</option>
<option value="phrase12">Phrase12</option>
<option value="phrase13">Phrase13</option>
<option value="phrase14">Phrase14</option>
<option value="phrase15">Phrase15</option>
<option value="phrase16">Phrase16</option>
<option value="phrase17">Phrase17</option>
<option value="phrase18">Phrase18</option>
<option value="phrase19">Phrase19</option>
<option value="phrase20">Phrase20</option>
<option value="keyword" selected>Keyword</option>
<option value="keyword2">Keyword2</option>
<option value="keyword3">Keyword3</option>
</select>
<br>
<textarea rows="20" cols="10" name="words"></textarea>
<input type="submit" name="submit" value="Add">
</form>
<?php
}
// connect to the database
include('connection.php');
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
$words = $_POST['words'];
$type = $_POST['type'];
if ($words == '' )
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($words, $error);
}
else
{
$item = explode("\n", $words);
foreach($item as $words){
mysql_query("INSERT subs SET word='$words', type='$type'") or die(mysql_error());
}
}
}
else
// if the form hasn't been submitted, display the form
{ renderForm('',''); }
?>
Answer 0 (score: 1)
You're missing the = for words, and you have some major security holes. Try this snippet:
<?
// connect to the database
include('connection.php');
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {
$words = $_POST['words'];
$type = $_POST['type'];
if ($words == '') {
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
// pass $type as well so that $error lands in the third parameter
renderForm($words, $type, $error);
} else {
$item = explode("\n", $words);
foreach ($item as $words) {
mysql_query("INSERT INTO subs SET word='".mysql_real_escape_string( sanitizeString($words) )."', type='".mysql_real_escape_string( sanitizeString($type) )."'") or die(mysql_error());
}
}
} else {
// if the form hasn't been submitted, display the form
renderForm('', '');
}
function renderForm($words, $type, $error='') {
if ($error != '') {
echo '<div style="padding:4px; border:1px solid red; color:red;">' . $error . '</div>';
}
$options = array();
$options['intro'] = 'Intro';
$options['phrase'] = 'Phrase';
$options['phrase1'] = 'Phrase1';
$options['phrase2'] = 'Phrase2';
$options['phrase3'] = 'Phrase3';
$options['phrase4'] = 'Phrase4';
$options['phrase5'] = 'Phrase5';
$options['phrase6'] = 'Phrase6';
$options['phrase7'] = 'Phrase7';
$options['phrase8'] = 'Phrase8';
$options['phrase9'] = 'Phrase9';
$options['phrase10'] = 'Phrase10';
$options['phrase11'] = 'Phrase11';
$options['phrase12'] = 'Phrase12';
$options['phrase13'] = 'Phrase13';
$options['phrase14'] = 'Phrase14';
$options['phrase15'] = 'Phrase15';
$options['phrase16'] = 'Phrase16';
$options['phrase17'] = 'Phrase17';
$options['phrase18'] = 'Phrase18';
$options['phrase19'] = 'Phrase19';
$options['phrase20'] = 'Phrase20';
$options['keyword'] = 'Keyword';
$options['keyword2'] = 'Keyword2';
$options['keyword3'] = 'Keyword3';
?>
<form action="" method="post">
<select name="type">
<?php
foreach ($options as $key=>$val) {
echo '<option value="'.$key.'"'.(($key == $type) ? ' selected="selected"' : '').'>'.$val.'</option>'.PHP_EOL;
}
?>
</select>
<br />
<textarea rows="20" cols="10" name="words"><?php echo sanitizeString($words); /* escape before echoing back into HTML */ ?></textarea>
<input type="submit" name="submit" value="Add" />
</form>
<?php
}
function sanitizeString($string) {
return htmlentities( (string) $string, ENT_COMPAT, "UTF-8" );
}
?>
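Answer 1 (score: 0)
Without having tested it, could it be related to the reuse of the $words variable in the foreach ($item as $words) line?
Your textarea is blank because you aren't assigning anything to it on the return trip. Try this...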
<textarea rows="20" cols="10" name="words"><?php echo htmlspecialchars($words, ENT_QUOTES, 'UTF-8'); ?></textarea>
(Also, your INSERT code is really at risk of SQL injection attacks.)
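An added example, not part of any answer on this page: the multi-line insert done with PDO prepared statements instead of string-built SQL, with the type checked against an allow-list. The table and column names come from the question; the in-memory SQLite database, the shortened allow-list, the helper names and the sample input are assumptions so the block runs offline.

```php
<?php
// Added example, not the poster's code. subs/word/type come from the page;
// everything else (SQLite in memory, helper names, sample input) is constructed.

// Assumed subset of the form's <option> values.
const ALLOWED_TYPES = ['intro', 'phrase', 'keyword', 'keyword2', 'keyword3'];

// Split textarea input on any line ending, trim each line, drop blank lines.
function parseWords(string $raw): array
{
    $lines = preg_split('/\r\n|\r|\n/', $raw);
    return array_values(array_filter(array_map('trim', $lines), 'strlen'));
}

// Insert one row per line; returns the number of rows written.
function insertWords(PDO $pdo, string $type, string $raw): int
{
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('Unknown type');
    }
    $words = parseWords($raw);
    if ($words === []) {
        return 0;
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare('INSERT INTO subs (word, type) VALUES (:word, :type)');
    $pdo->beginTransaction();
    try {
        foreach ($words as $word) {
            $stmt->execute([':word' => $word, ':type' => $type]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // all lines or none
        throw $e;
    }
    return count($words);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subs (word TEXT NOT NULL, type TEXT NOT NULL)');

// Constructed input: Windows line endings, a blank line, quote characters.
$raw = "apple\r\n\r\nO'Reilly\r\nsay \"hi\" <b>";
echo insertWords($pdo, 'keyword', $raw), " rows inserted\n";
foreach ($pdo->query('SELECT word, type FROM subs') as $row) {
    // Store raw text; HTML-escape only when writing it into a page.
    echo htmlspecialchars($row['word'], ENT_QUOTES, 'UTF-8'), ' | ', $row['type'], "\n";
}
```

With MySQL, only the DSN passed to `new PDO(...)` changes; the prepared statement and the binding stay the same.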
Answer 2 (score: 0)
You are missing the equals sign between name and "words" in the textarea tag (as well as the closing tag of the form).