我想验证我的php表单使用异常,但不知何故它不起作用。如果用户在“nameg”中输入任何不是字符串的字符,并在“amountg”中输入任何非整数的字符,都会抛出异常。应例外,即使在这种情况下使用:php脚本不会抛出异常
if(!empty($_POST['nameg']) && !empty($_POST['amountg']))
{
$user="rootdummy";
$pass="password";
$db="practice";
$nameg=$_POST['nameg'];
$amountg=$_POST['amountg'];
try{
if(!is_int($amountg) || !is_string($nameg)){
throw new Exception("This is the exception message!");
}
}
catch (Exception $e){
$e->getMessage();
}
mysql_connect('localhost',$user,$pass) or die("Connection Failed!, " . mysql_error());
$query="INSERT INTO practable (name,given) VALUES('$nameg',$amountg) ON DUPLICATE KEY UPDATE name='$nameg', given=IFNULL(given + $amountg,$amountg)";
mysql_select_db($db) or die("Couldn't connect to Database, " . mysql_error());
mysql_query($query) or die("Couldn't execute query! ". mysql_error());
mysql_close() or die("Couldn't disconnect!");
include("dbclient.php");
echo "<p style='font-weight:bold;text-align:center;'>Information Added!</p>";
}
您的代码很容易受到SQL注入和mysql_ *轻轻地弃用。 – Paul 2012-03-24 14:07:36
你作为'$ _POST ['amountg']'发布了什么,值? – safarov 2012-03-24 14:08:38
是$ _POST ['amountg']是用户通过表单输入的值。 – tutak 2012-03-24 14:15:29