douyi3676 2011-07-30 07:26

PHP won't POST to the MySQL database.

I've made some PHP/HTML pages for easy inserting into one of my databases. At first it seemed to work fine, but once I tried testing more, I realized that when I try to type more than one line in my textarea (see below for the code), it won't go through to the database. I won't get any errors, but it won't be saved in the database, either. This problem also exists with the editing script I made. If I try editing the textarea, it doesn't change the database.

Codes are below.

All field types are varchar with unicode, so I can type non-English characters. The only ones that aren't are the ID (bigint) and the content (longtext) to allow lots and lots of info (theoretically, heh).

The two for adding to the database. I could probably figure out the updating one, if I knew what was wrong in general... this is my first time actually using PHP and MySQL in depth so I have absolutely no clue why it isn't working. Thanks for your help!

characteradd.php

<html>
<head>
<title>Character Add</title>
</head>
<body>
<div align="center">
<br>
<font style="font-size: 50px;"><b>Character Add</b></font><br>
Fill in everything with something.<br>
<br>
<form action="charinsert.php" method="post">
<table>
<tr>
<td>Name:</td><td><input type="text" name="name"><br></td>
<td>Story:</td><td><input type="text" name="story"><br></td>
</tr><tr>
<td>Deity Group?</td><td><input type="text" name="deity"><br></td>
<td>Country:</td><td><input type="text" name="country"><br></td>
</tr><tr>
<td>City:</td><td><input type="text" name="city"><br></td>
<td>Gender:</td><td><input type="text" name="gender"><br></td>
</tr><tr>
<td>Orientation:</td><td><input type="text" name="orientation"><br></td>
<td>Age:</td><td><input type="text" name="age"><br></td>
</tr><tr>
<td>Blood Type:</td><td><input type="text" name="blood"><br></td>
<td>Occupation?</td><td><input type="text" name="occupation"><br></td>
</tr><tr>
<td>Height:</td><td><input type="text" name="height"><br></td>
<td>Weight:</td><td><input type="text" name="weight"><br></td>
</tr><tr>
<td>Hair Color:</td><td><input type="text" name="hair"><br></td>
<td>Eye Color:</td><td><input type="text" name="eye"><br></td>
</tr><tr>
<td>Race:</td><td><input type="text" name="race"><br></td>
<td>Pic Ref Preview:</td><td><input type="text" name="picpreview"><br></td>
</tr><tr>
<td>Pic Link:</td><td><input type="text" name="piclink"><br></td>
<td>Relation Link:</td><td><input type="text" name="relationlink"><br></td>
</tr><tr>
<td>Pirate Stuff</td></tr><tr>
<td>Allegiance:</td><td><input type="text" name="allegiance"><br></td>
</tr><tr>
<td>Future Stuff</td></tr><tr>
<td>Element:</td><td><input type="text" name="element"><br></td>
<td>Area:</td><td><input type="text" name="area"><br></td>
</tr><tr><td>History:</td></tr><tr>
<td colspan="4"><textarea cols="80" rows="15" name="content">
</textarea></td>
</tr>
</table>
<input type="Submit">
</form>
</div>
</body>
</html>

charinsert.php

<html>
<head>
<title>Character Added!</title>
</head>
<body>
<?php
$username="username";
$password="pass";
$database="obviously";
$host="notthis";

$name=$_POST['name'];
$story=$_POST['story'];
$deity=$_POST['deity'];
$country=$_POST['country'];
$city=$_POST['city'];
$gender=$_POST['gender'];
$orientation=$_POST['orientation'];
$age=$_POST['age'];
$blood=$_POST['blood'];
$occupation=$_POST['occupation'];
$height=$_POST['height'];
$weight=$_POST['weight'];
$hair=$_POST['hair'];
$eye=$_POST['eye'];
$race=$_POST['race'];
$picpreview=$_POST['picpreview'];
$piclink=$_POST['piclink'];
$rellink=$_POST['relationlink'];
$allegiance=$_POST['allegiance'];
$element=$_POST['element'];
$area=$_POST['area'];
$content=$_POST['content'];


mysql_connect($host,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO aliz_character VALUES ('','$story','$deity','$country','$city','$name','$gender','$orientation','$age','$blood','$occupation','$rellink','$height','$weight','$hair','$eye','$picpreview','$piclink','$allegiance','$element','$area','$race','$content')";
mysql_query($query);

mysql_close();
?>
<div align="center">
Return to <a href="dtop.php">updating page</a>.
</div>
</body>
</html>
2 answers

  • dongxu0690 2011-07-30 07:28

    You're not escaping any of your inputs. Anyone can type stuff into any of those inputs to easily break the query. Just try putting a single quote mark ' in any of them.

    It's time to learn about PDO, prepared statements and parameter binding.

    If you want to use this script as-is, call mysql_real_escape_string on every single string you put into the query.

    $content = mysql_real_escape_string($_POST['content']);
    

    [Image: xkcd comic "Exploits of a Mom"; title text: "Her daughter is named Help I'm trapped in a driver's license factory"]

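The prepared-statement approach the answer recommends, applied to charinsert.php as an added example that is not part of the original posts. The column names are assumed to match the form field names and the ID column is assumed to be AUTO_INCREMENT, since the page shows neither.

```php
<?php
// Added example. Assumption: aliz_character columns are named after the form
// fields; the page never shows the real column list, so adjust as needed.
$fields = ['story', 'deity', 'country', 'city', 'name', 'gender', 'orientation',
           'age', 'blood', 'occupation', 'relationlink', 'height', 'weight',
           'hair', 'eye', 'picpreview', 'piclink', 'allegiance', 'element',
           'area', 'race', 'content'];

// Column names come from the fixed list above, never from the request.
// Only the values are user-controlled, and those are bound, not interpolated.
$columns      = implode(', ', array_map(fn($f) => "`$f`", $fields));
$placeholders = implode(', ', array_map(fn($f) => ":$f", $fields));
$sql = "INSERT INTO aliz_character ($columns) VALUES ($placeholders)";

$params = [];
foreach ($fields as $f) {
    // Missing or non-string fields become ''. Quotes and newlines in the
    // textarea are sent as data and cannot change the structure of the query.
    $value = $_POST[$f] ?? '';
    $params[":$f"] = is_string($value) ? $value : '';
}

try {
    // Placeholder connection values, as in the question.
    $pdo = new PDO('mysql:host=notthis;dbname=obviously;charset=utf8mb4',
                   'username', 'pass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // no silent failures
        PDO::ATTR_EMULATE_PREPARES => false,                  // server-side prepares
    ]);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    // Assumes the omitted ID column is AUTO_INCREMENT.
    echo 'Saved character #' . (int) $pdo->lastInsertId();
} catch (PDOException $e) {
    error_log($e->getMessage());   // details go to the server log, not the browser
    http_response_code(500);
    echo 'Could not save the character.';
}
```

With `ERRMODE_EXCEPTION` set, a failed insert is logged instead of being silently dropped, unlike the unchecked `mysql_query($query)` call in the question.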
