-1
我有一个有四个值的表单,player1
,player2
,awayTeam
和homeTeam
。PHP表格提交
在检查值是否为空之后,它不想将结果发送到数据库。我不确定它为什么不想提交。
还有两个随机数将被比较并根据if num1 > num2
记录提交。
<?php
$link = mysqli_connect("localhost","test", "passowrd", "test");
if (mysqli_connect_error()) {
die ("DB has not been connected");
}
// create two random numbers
$Num1 = rand();
$Num2 = rand();
if (isset($_POST['submit'])) {
$playerOne = mysqli_real_escape_string ($link, $_POST['playerOne']);
$playerTwo = mysqli_real_escape_string ($link, $_POST['playerTwo']);
$awayTeam = mysqli_real_escape_string ($link, $_POST['awayTeam']);
$homeTeam = mysqli_real_escape_string ($link, $_POST['homeTeam']);
//check if player one is empty
if (empty($playerOne)) {
echo "Game Creator PSN required!" . "<br>";
}
//check if player two is empty
if (empty($playerTwo)) {
echo "Second Player PSN required!";
}
} else {
//compare two numbers
if ($Num1 > $Num2) {
$sql = "INSERT INTO randomizer (playerOne, playerTwo, awayteam, homeTeam) VALUES (' $playerOne', '$playerTwo', '$awayTeam', '$homeTeam')";
if ($link->query($sql) === true) {
echo "Record Added Sucessfully";
} else {
echo "There was a problem";
}
} else {
$sql = "INSERT INTO randomizer (playerOne, playerTwo, awayteam, homeTeam) VALUES (' $playerTwo', '$playerOne', '$awayTeam', '$homeTeam')";
if ($link->query($sql) === true) {
echo "Record Added Sucessfully";
} else {
echo "There was a problem";
}
}
}
?>
为什么2'insert'语句?目前的执行会发生什么? – chris85
**警告**:使用'mysqli'时,您应该使用[参数化查询](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)和['bind_param']( http://php.net/manual/en/mysqli-stmt.bind-param.php)将用户数据添加到您的查询中。 **不要**使用手动转义和字符串插值或串联来实现此目的,因为您将创建严重的[SQL注入漏洞](http://bobby-tables.com/)。意外地未经转义的数据是一个严重的风险。使用绑定参数不那么冗长,并且更容易检查以检查您是否正确地进行了操作。 – tadman
请尽量避免像'=== TRUE'这样的不必要的东西混淆你的代码的习惯。许多函数被设计为返回逻辑上真或假的值,因此是多余的。创建像'$ sql'这样的抛弃变量并立即将它们提供给函数也是一个坏主意。而是直接将该字符串提供给函数。 – tadman