duansao6776 2016-05-31 12:32
浏览 28
已采纳

防止将数据添加到数据库中

I'm trying to do a directory where u can add yourself by entering the code sms. After entering the correct code sms, it checks if code exist in the database, then remove entered code from DB and add data from form. Now I have a problem because I do not know how to prevent from adding data into the database, when the given code is incorrect. At the moment, it looks like this:

    if ($sum != $val1+$val2) {   //simple captcha
            echo '<div id="message_position_capreg"><p class="error_form"><font color="red">Incorrect. Try again</font></p></div>';
        }
        else {
            if ($_POST['code']){
    $code=$_POST['code'];

    global $wpdb;
    $sql = $wpdb->prepare("SELECT id FROM code_sms WHERE code = %s", $cd);
    $check_code = $wpdb->get_results($sql);

    if ($check_code>0)  {

    $wpdb->delete( 'code_sms', array( 'code' => $code ) );


    if ( isset( $_POST["submit_formm"] ) && $_POST["company_nip"] && $_POST["company_name"] != "" ){
                $company_nip = strip_tags($_POST["company_nip"], "");
                $company_name = strip_tags($_POST["company_name"], "");
    $result = $wpdb->insert( 
                    'test', 
                    array( 
                        'company_nip' => $company_nip, 'company_name' => $company_name)
                );

    if (!$result) {
            echo '<div>
    ERROR</div>';
            }
            else {

             echo '<div>
    Succes</div>';
            }
        }
         }
}
    }

EDIT: I editted my code, like @thephatp said, and it's now working :)

  • 写回答

3条回答 默认 最新

  • dongzhou1901 2016-05-31 12:51
    关注

    You're basically checking "if sms_code exists in database" then "remove code; insert form data."

    However, you're closing your if statement prior to adding the form data. Move your } that closes your if statement as shown below. That way, if the sms_code is incorrect, you do not process the form data if statement & insert.

    Also, your $check_code variable is not the number of rows, but rather a results set. This result set will only be FALSE if the query resulted in an error. See the documentation for get_result here: mysqli_stmt_get_result

    Returns a resultset for successful SELECT queries, or FALSE for other DML queries or on failure. The mysqli_errno() function can be used to distinguish between the two types of failure.

    You need to check the results set for the number of rows and test against that in the if statement. Code below has been updated.

      if ($sum != $val1+$val2) {   //simple captcha
            echo '<div id="message_position_capreg"><p class="error_form"><font color="red">Incorrect. Try again</font></p></div>';
        }
        else {
            if ($_POST['code']){
    $code=$_POST['code'];

    global $wpdb;
    $sql = $wpdb->prepare("SELECT id FROM code_sms WHERE code = %s", $cd);

   $result = $wpdb->get_results($sql);

   /* Get the number of rows */
   $num_of_rows = $result->num_rows;

    if ($num_of_rows>0)  {

        $wpdb->delete( 'code_sms', array( 'code' => $code ) );

        if ( isset( $_POST["submit_formm"] ) && $_POST["company_nip"] && $_POST["company_name"] != "" ){
                    $company_nip = strip_tags($_POST["company_nip"], "");
                    $company_name = strip_tags($_POST["company_name"], "");
            $result = $wpdb->insert( 
                        'test', 
                        array( 
                            'company_nip' => $company_nip, 'company_name' => $company_name)
                    );

            if (!$result) {
                echo '<div>
                ERROR</div>';
            }
            else {

                 echo '<div>
                Succes</div>';
            }
        }
    }
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 processing提取音乐节奏
  • ¥15 python进程启动打包问题
  • ¥15 gg加速器加速游戏时,提示不是x86架构
  • ¥15 python按要求编写程序
  • ¥15 Python输入字符串转化为列表排序具体见图,严格按照输入
  • ¥20 XP系统在重新启动后进不去桌面,一直黑屏。
  • ¥15 opencv图像处理,需要四个处理结果图
  • ¥15 无线移动边缘计算系统中的系统模型
  • ¥15 深度学习中的画图问题
  • ¥15 java报错:使用mybatis plus查询一个只返回一条数据的sql,却报错返回了1000多条