-2
有一些问题确切地说明了我在下面的php脚本中发生错误的位置。它通过来自HTML表单的帖子获取数据。然后在将它们插入数据库之前尝试一些验证。任何人发现任何东西POST服务器端表单验证
<?php
if(isset($_POST['submit_form']))
{
validate_data($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = strip_tags($data);
$data = htmlspecialchars($data);
$data = mysqli_real_escape_string($data);
return $data;
}
$address = validate_data($_POST['name']);
$address = validate_data($_POST['address']);
$zipcode = validate_data($_POST['zipcode']);
$county = validate_data($_POST['county']);
$phone = validate_data($_POST['phone']);
$email = validate_data($_POST['email']);
$password = validate_data($_POST['password']);
$pwVerified = validate_data($_POST['pwVerified']);
//create connection
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO company (name, address, zipcode, county, phone, email, password, pwVerified)
VALUES
('$name', '$address', '$zipcode','$county','$phone', '$email', '$password', '$pwVerified')";
if ($conn->query($sql) === TRUE) {
// echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}else
{ echo "there is a problem";}
include 'sign.php';
?>
是啊这个'$ data = mysqli_real_escape_string($ data);'不知道你的POST数组是否包含值。该函数需要传递给它的db连接。 '$ data = mysqli_real_escape_string($ conn,$ data);'(一件事)。 –
'validate_data($ data)'应该是一个函数:'function validate_data($ data)' –
你得到的错误是什么? – Pete