表单停止提交到数据库

Question

好吧,它之前正在工作......现在突然间它停了下来.我不知道为什么.我添加的唯一内容是删除功能..之后它不再提交.我可以删除一个条目= D.

表单的PHP代码

 <?php

if (isset($_POST['submit'])){   

$con = mysql_connect("localhost", "", "");
if (!$con){
die("Cannot connect:" . mysql_error()); 
}

$Firstname = $_POST['Firstname'];
$Email = $_POST['Email'];
$Prayer = $_POST['Prayer'];



//if there is no input these messages will come up//    
if($Firstname==''){
echo "<script>alert('Please enter your name!')</script>";
exit();
}
if($Email==''){
echo "<script>alert('Please enter your email!')</script>";
exit(); 
}
if($Prayer==''){
echo "<script>alert('Please enter your prayer request!')</script>";
exit(); 
}


mysql_select_db("dxh6110",$con);

//if everything is good, information will be submitted to database
$sql = "INSERT INTO ChurchPrayer (Firstname, Email, Prayer) VALUES('$_POST[Firstname]','$_POST[Email]','$_POST[Prayer]')";



if(mysql_query($sql,$con)){

echo "<script>alert('Congratulations, You have successfully submitted your prayer requests. You will hear from us very soon!')</script>";


}

mysql_close($con);
}

?>

哦,我知道我应该使用预处理语句来防止SQL注入...但我不确定它究竟是什么或它看起来像什么.当我进一步深入学校项目时,我肯定会在以后添加它们.目前担心功能..

不确定还需要添加什么...我将添加我的delete.php

<?php session_start(); //starting the session?>
<?php
//connecting to database
$con = mysql_connect("localhost","","","dxh6110");

//defining variable
$delete_id = $_GET['del'];
//command to remove input from SQL DB
$query = "delete from ChurchPrayer where id='$delete_id'";

if(mysql_query($con,$query)){

echo "<script>window.open('view_prayers.php?deleted=User has been deleted!','_self')</script>";

}



?>

我的管理员登录工作正常,当管理员登录时,会将他们带到一个页面,这样他们就可以查看条目并删除对数据库的条目.目前有两个,但是当我尝试添加更多请求时......他们不会去DB.单击提交时不会给出错误.

Answer 1

首先,("localhost","xxx","xxx","xxx")不做你的想法.

mysql_connect()需要3个参数,而不是4个.第四个是其他的参数.可以使用四个参数mysqli_connect(),但是那些不同的MySQL API不会相互混合,因此如果要使用mysql_函数,请不要使用该连接方法.

请教:

• http://php.net/manual/en/function.mysql-connect.php
• http://php.net/manual/en/function.mysql-select-db.php

像你在其他问题中那样做:

$con = mysql_connect("localhost", "xxx", "xxx");
if (!$con){
die("Cannot connect:" . mysql_error()); 
}

mysql_select_db("your_db",$con);

然后这个if(mysql_query($con,$query)){连接到了第二.

此外,$_GET['del']并?deleted=User检查这一点.这两件事对我来说很突出.

如果你的删除链接是?deleted=XXX,它需要?del=XXX- XXX是一个例子.

$_GET['del']需要匹配方法中的参数?parameter.

即:view_prayers.php?del=XXX如果view_prayers.php是您要删除的文件.

另外,正如评论中所提到的,这种方法是不安全的.

您最好使用预mysqli准备语句,或将PDO与预准备语句一起使用.