1. 首页
  2. 问答
  3. 关于php字符串长度的问题

关于php字符串长度的问题

2014-04-11 32 views
0

bellow是一个插入数据到表中的脚本。我已经使用strlen()函数检查字符串的长度,如果字符串的长度低于限制但它不会停止查询向表中添加另一行,则会返回错误。我怎样才能做到这一点。非常感谢您关于php字符串长度的问题

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
// Check connection 
if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 

//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
//VALUES 
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')"; 

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
VALUES 
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

if (!mysqli_query($con,$sql)) 
    { 
    die('Error: ' . mysqli_error($con)); 
    } 

//here is the part in question 

if (strlen($ProductName) < 10) 
{ 
    die('Error: ' . mysqli_error($sql)); 
} 
echo "1 record added"; 

mysqli_close($con); 
?>

来源

2014-04-11 user3463859

+0

移动您的插入语句___after___长度检查....如果它在那之前,那么它会在那之前运行 –

+0

但是PHP ___中的长字符串测试不会___生成MySQL错误,因此显示MySQLi错误如果strlen($ ProductName)<10没有意义...没有MySQLi错误 –

+0

Mark是正确的,顺便说一句你在哪里给你的'$ ProductName'赋值? –

回答

0

你插入后检查字符串的长度,你需要插入之前做检查,这样的:

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
// Check connection 
if (mysqli_connect_errno()) 
{ 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

if (strlen($ProductName) < 10) 
{ 
    die('Error: product name too short!'); 
} 

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat,  product_region, email, phone_num) 
VALUES 
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

if (!mysqli_query($con,$sql)) 
{ 
    die('Error: ' . mysqli_error($con)); 
} 

//here is the part in question 


echo "1 record added"; 

mysqli_close($con); 
?>

编辑使用die不被认为是最佳做法。更好的方式来做到这一点,是在if声明它包装(例如),像这样:

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
if (mysqli_connect_errno()) { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} elseif (strlen($ProductName) < 10) { 
    echo 'Error: product name too short!'; 
} else { 
    $sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
      VALUES 
      ('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

    if (!mysqli_query($con,$sql)) { 
     echo 'Error: ' . mysqli_error($con); 
    } else { 
     echo "1 record added"; 
    } 
} 
mysqli_close($con); 
?>

基于您的评论编辑2,如果你想检查字符串ISN “T超过50个字符,你可以使用这样的事情:

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
if (mysqli_connect_errno()) { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} elseif (strlen($ProductName) < 10) { 
    echo 'Error: product name too short!'; 
} elseif (strlen($ProductName) > 50) { 
    echo 'Error: product name too long!'; 
} else { 
    $sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
      VALUES 
      ('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

    if (!mysqli_query($con,$sql)) { 
     echo 'Error: ' . mysqli_error($con); 
    } else { 
     echo "1 record added"; 
    } 
} 
mysqli_close($con); 
?>

来源

2014-04-11 07:07:00 trizz

+0

我还有一个问题,你如何添加另一个条件,以便它也检查最大限制,例如> 50错误:必须小于... – user3463859

+0

我尝试添加另一个,但如果它不起作用 – user3463859

+0

请参阅我的第二个编辑 – trizz

0

脚本的命令有错误的,逻辑需要像这样:

<?php 
$con=mysqli_connect("localhost","zxzxzx","zxzxzx","my_project"); 
// Check connection 
if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 

//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
//VALUES 
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')"; 

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
VALUES 
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

// First thing is to ask your condition.. 

if (strlen($ProductName) < 10) 
{ 
    die('Error: ' . mysqli_error($sql)); 
} 

echo "1 record added"; 
if (!mysqli_query($con,$sql)) 
    { 
    die('Error: ' . mysqli_error($con)); 
    } 



mysqli_close($con); 
?>

我建议你在查询中使用绑定参数来防止SQL注入。 PDO bindings

来源

2014-04-11 07:07:04 Fadey

相关问题

 相关问题