1. 首页
  2. 问答
  3. 当试图发布时显示为未定义索引的输入名称

当试图发布时显示为未定义索引的输入名称

2012-05-14 99 views
0

我想将表单域的内容发布到MySql数据库中。博客的标题和内容应该发布到mysql表中,但我一直得到这个错误: 注意:未定义索引:titleblog在第10行的/home/ooze/public_html/main2/uploadblog.php注意:未定义索引:blogcontent in /home/ooze/public_html/main2/uploadblog.php上线11当试图发布时显示为未定义索引的输入名称

<table> 
<tr class="top row" style="font-weight: bold;"><td> 
<p>Upload your blog</p> 
<form name="f4" action="uploadblog.php" method="post" enctype="multipart/form-data"> 
title: <input type="text" name="titleblog" /> 
<br/> 
<textarea name="blogcontent" rows="10" columns="60" style="width:350px; height:150px;">Enter you blog here 
</textarea> 
<br/> 
<input type="submit" value="Submit" style="margin-left: 300px;"/> 
</form> 
</td></tr> 
</table>

这是PHP代码:

<?php 
session_start(); 
?> 
<?php 
$a = $_POST["titleblog"]; 
$b = $_POST["blogcontent"]; 
$conn = mysql_connect("localhost","ooze",""); 
mysql_select_db ("ooze"); 
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])"; 
mysql_query($mysql) or die(mysql_error()); 
echo "<p>Blog submitted</p>"; 
mysql_close($conn); 
?>

来源

2012-05-14 ozzysmith

+4

的http://鲍比桌。 com/ – Quentin

+0

http://chat.stackoverflow.com/transcript/message/3656047#3656047 – PeeHaa

+0

您确定值是由表单发送的吗? –

回答

0 
<?php 
if(isset($_post['submit']) && $_post['submit'] == 'Submit') { 
$a = $_POST["titleblog"]; 
$b = $_POST["blogcontent"]; 
$conn = mysql_connect("localhost","ooze",""); 
mysql_select_db ("ooze"); 
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])"; 
mysql_query($mysql) or die(mysql_error()); 
echo "<p>Blog submitted</p>"; 
mysql_close($conn); 
} 
?>

并且还提交的值丢失。给这样的<input type="text" name="titleblog" value="" />

来源

2012-05-14 15:36:58 chella

+0

不,它没有工作 – ozzysmith

+0

一旦我试过,我甚至没有收到提交后浏览器为空的错误消息 – ozzysmith

0

你忘了逃跑的字符串,以防止SQL注入:

<?php 
session_start(); 
?> 
<?php 
$a = mysql_real_escape_string($_POST["titleblog"]); // <-- 
$b = mysql_real_escape_string($_POST["blogcontent"]); // <-- 
$conn = mysql_connect("localhost","ooze",""); 
mysql_select_db ("ooze"); 
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b',  CURDATE(), $_SESSION[gatekeeper])"; 
mysql_query($mysql) or die(mysql_error()); 
echo "<p>Blog submitted</p>"; 
mysql_close($conn); 
?>

有关SQL注入的详细信息,请参阅:

http://php.net/manual/en/security.database.sql-injection.php

来源

2012-05-14 16:00:45

相关问题

 相关问题