-1
我的代码不能正常工作,检查是否主题名称是已经存在使用PHP SQL注入预处理语句:PHP的MySQL - 检查主题名称是否已经存在
代码:
<?php
if($_GET["action"] == "post") {
$servername = "localhost";
$username = "MY DB";
$password = "MY PASS";
$dbname = "MY DB";
// Create connection
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$checkSubject = $conn->prepare("SELECT * FROM IndexData WHERE SubjectName = ?");
$checkSubject->bind_param('s', $_POST['filename']);
$checkSubject->execute();
$checkSubject->store_result();
$countSubject = $checkSubject->num_rows;
//Create or Edit Files
if(strlen($_POST['filename']) <= 30 && strlen($_POST['filename']) >= 8 && strlen($_POST['comment']) >= 100 && strlen($_POST['comment']) <= 5000 && strlen($_POST['description']) >= 50 && strlen($_POST['description']) <= 500 && strlen($_POST['userSName']) >= 10 && strlen($_POST['userSName']) <= 20) {
if ($countSubject > 0) {
$echoTxt = " <pre>Subject Has Been Posted!
Link: <a href=\"Code-Blog-Index-Posts.php?SubjectName=" . $_POST['filename'] . "\" target=\"_blank\">Click Me</a></pre> <br>";
require("CreateDataPosts.php");
} else {
$echoTxt = die("<pre>[ERROR]Subject Already Exist!</pre>");
}
} else {
echo "<pre><span class=\"error\">Subject must Greater than 8 and Less than 30 characters</span></pre>";
echo "<pre><span class=\"error\">Post must Greater than 100 and Less than 5000 characters</span></pre>";
echo "<pre><span class=\"error\">Description must Greater than 50 and Less than 500 characters</span></pre>";
die();
}
echo $echoTxt;
echo "<a name=\"PostResult\"></a>";
$countSubject->close();
$conn->close();
}
?>
,它总是返回到0
我不知道为什么,但 我希望你可以解决它的家伙!,谢谢!
'$ _POST ['filename']'这使得我的* Spidey感*刺痛,因为它最可能需要'$ _FILES'。很难肯定地说没有看到表格是什么样的。 –
我使用窗体实例:'' – CharlesCraft50
'这是值得怀疑的if($ _ GET [“action”] ==“post”)''。检查错误报告和查询错误。 –