douzhi2017 2014-09-08 21:29
浏览 52

提交到MySQL,但if语句导致问题[关闭]

The form is submitting, but the $id variable is behaving strangely, while the $part variable is behaving as expected.

The first if statement works perfectly, but all of the rest will submit the $part variable, while setting the $id variable to "0". Any clue what could be happening?

 <?php    
    $part = $_POST['participating'];
    $form = $_POST['forms'];
    $meth = $_POST['method'];
    $id = $_POST['id'];

    if ($meth == "Forms - Foo") {
        $sql="INSERT INTO form_foo (id, participants, forms)
              VALUES ('$id', '$part', '$form')";
        $result = mysql_query($sql);
    } else if ($meth=="Forms - Other") {
        $sql="INSERT INTO form_other (id, participants)
              VALUES ('$id', '$part')";
        $result = mysql_query($sql);
    } else if ($meth=="Online - Foo") {
        $sql="INSERT INTO online_foo (id, participants)
              VALUES ('$id', '$part')";
        $result = mysql_query($sql);
    } else {
        $sql="INSERT INTO online_other (id, participants)
              VALUES ('$id', '$part')";
        $result = mysql_query($sql);
    }
?>
  • 写回答

1条回答 默认 最新

  • download2565 2014-09-08 21:48
    关注

    Q: Any clue what could be happening?

    A: One way to get a clue about what's happening would be to output the contents of $sql before the call to mysql_query.

    A simple echo, vardump, printf would be one way to get the actual SQL that's being submitted to the database. From there, that will help you determine whether the problem is upstream, in getting the SQL statement built, or downstream, in executing the statement in the database.

    Also, it's a good idea to check the return from mysql_query. The return will be FALSE if there's a MySQL error. And there's a mysql_error function that can return the text of the last MySQL error.

    Just guessing here, but the most likely explanation for the behavior you are observing, the contents of $id variable starts with something other than digit characters. MySQL tries to get a number out of the leading portion of a string literal. And an empty string will evaluate to zero in a numeric context, consider:

    SELECT '2b3c' + 0    => 2
SELECT 'a1b2' + 0    => 0
SELECT ''     + 0    => 0

    It's very unlikely that the if statement is causing an issue; we don't see any assignment being done, apart from assigning a value to $sql variable. The if block you posted has only a conditional test.

    If the SQL text being submitted looks reasonable, e.g. ... VALUES ('456','foo'), then we'd need to take a closer look at the database. (Like, did someone create a BEFORE INSERT trigger containing SET NEW.id = 0;? Is the column id declare to be INT, and you are expecting it to be VARCHAR. We're just guessing.

    Also, you may want to consider SQL Injection vulnerabilities, when "unsafe" values are included in SQL text. The mysql interface, provides a mysql_real_escape_string function that does a good job of making "unsafe" values "safe" for inclusion in a SQL statement.

    评论

报告相同问题?

悬赏问题

  • ¥15 Centos / PETSc / PETGEM
  • ¥15 centos7.9 IPv6端口telnet和端口监控问题
  • ¥120 计算机网络的新校区组网设计
  • ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作
  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 海浪数据 南海地区海况数据,波浪数据
  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改