如何将textarea中的每个项目添加到我的数据库中?

时间:2012-02-06 18:11:16

标签: php mysql html textarea

这是我正在使用的代码示例。我将此代码的修改版本用于我的另一个页面。另一页使用文本框而不是textarea。文本框版本工作得很好。当我单击提交时,它只返回到当前页面并且textarea已擦除,并且没有任何内容添加到数据库中。我做错了什么?

<? function renderForm($words, $type, $error){ ?>
<?php if ($error != '') { echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>'; } ?> 

<form action="" method="post">
<select name="type">
<option value="intro">Intro</option>
<option value="phrase">Phrase</option>
<option value="phrase2">Phrase2</option>
<option value="phrase3">Phrase3</option>
<option value="phrase4">Phrase4</option>
<option value="phrase5">Phrase5</option>
<option value="phrase6">Phrase6</option>
<option value="phrase7">Phrase7</option>
<option value="phrase8">Phrase8</option>
<option value="phrase9">Phrase9</option>
<option value="phrase10">Phrase10</option>
<option value="phrase11">Phrase11</option>
<option value="phrase12">Phrase12</option>
<option value="phrase13">Phrase13</option>
<option value="phrase14">Phrase14</option>
<option value="phrase15">Phrase15</option>
<option value="phrase16">Phrase16</option>
<option value="phrase17">Phrase17</option>
<option value="phrase18">Phrase18</option>
<option value="phrase19">Phrase19</option>
<option value="phrase20">Phrase20</option>
<option value="keyword" selected>Keyword</option>
<option value="keyword2">Keyword2</option>
<option value="keyword3">Keyword3</option>
</select>

<br>
<textarea rows="20" cols="10" name="words"></textarea>
<input type="submit" name="submit" value="Add">
</form>
<?php 
}

// connect to the database
include('connection.php');

// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{ 

$words = $_POST['words'];
$type = $_POST['type'];

if ($words == '' )
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

// if either field is blank, display the form again
renderForm($words, $error);
}
else
{
$item = explode("\n", $words);

foreach($item as $words){ 
    mysql_query("INSERT subs SET word='$words', type='$type'") or die(mysql_error()); 
}

}
}
else
// if the form hasn't been submitted, display the form
{ renderForm('',''); }
?>

3 个答案:

答案 0 :(得分:1)

你错过了= for words,你有一些重大的安全漏洞。试试这个片段:

<?
// connect to the database
include('connection.php');

// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {

    $words = $_POST['words'];
    $type = $_POST['type'];

    if ($words == '') {
        // generate error message
        $error = 'ERROR: Please fill in all required fields!';

        // if either field is blank, display the form again
        renderForm($words, $error);
    } else {
        $item = explode("\n", $words);

        foreach ($item as $words) {
            mysql_query("INSERT INTO subs SET word='".mysql_real_escape_string( sanitizeString($words) )."', type='".mysql_real_escape_string( sanitizeString($type) )."'") or die(mysql_error());
        }
    }
} else {
    // if the form hasn't been submitted, display the form
    renderForm('', '');
}

function renderForm($words, $type, $error='') {
    if ($error != '') {
        echo '<div style="padding:4px; border:1px solid red; color:red;">' . $error . '</div>';
    }
    $options = array();
    $options['intro'] = 'Intro';
    $options['phrase'] = 'Phrase';
    $options['phrase1'] = 'Phrase1';
    $options['phrase2'] = 'Phrase2';
    $options['phrase3'] = 'Phrase3';
    $options['phrase4'] = 'Phrase4';
    $options['phrase5'] = 'Phrase5';
    $options['phrase6'] = 'Phrase6';
    $options['phrase7'] = 'Phrase7';
    $options['phrase8'] = 'Phrase8';
    $options['phrase9'] = 'Phrase9';
    $options['phrase10'] = 'Phrase10';
    $options['phrase11'] = 'Phrase11';
    $options['phrase12'] = 'Phrase12';
    $options['phrase13'] = 'Phrase13';
    $options['phrase14'] = 'Phrase14';
    $options['phrase15'] = 'Phrase15';
    $options['phrase16'] = 'Phrase16';
    $options['phrase17'] = 'Phrase17';
    $options['phrase18'] = 'Phrase18';
    $options['phrase19'] = 'Phrase19';
    $options['phrase20'] = 'Phrase20';
    $options['keyword'] = 'Keyword';
    $options['keyword2'] = 'Keyword2';
    $options['keyword3'] = 'Keyword3';
    ?> 
    <form action="" method="post">
        <select name="type">
            <?php
            foreach ($options as $key=>$val) {
                echo '<option value="'.$key.'"'.(($key == $type) ? ' selected="selected"' : '').'>'.$val.'</option>'.PHP_EOL;
            }
            ?>
        </select>
        <br />
        <textarea rows="20" cols="10" name="words"><?php echo $words; ?></textarea>
        <input type="submit" name="submit" value="Add" />
        <?php
}

function sanitizeString($string) {
    return htmlentities( (string) $string, ENT_COMPAT, "UTF-8" );
}
?>

答案 1 :(得分:0)

如果没有测试,是否可以与foreach($ item as $ words)行中$ words变量的重复使用有关?

您的textarea是空白的,因为您没有在回程中分配任何东西。尝试一下...... 

<textarea rows="20" cols="10" name="words"><?php echo $words; ?></textarea>

(另外,使用INSERT代码进行SQL注入攻击确实存在危险)

答案 2 :(得分:0)

您在textarea标记(以及表单的结束标记)中缺少名称和“字”之间的等号。

相关问题
最新问题