无法使用php在textarea输入中存储的数据库中插入答案

This file contains the code for search form:

search.php

<?php
session_start();
?>
<html>
    <head>
        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
    </head>
    <body>
        <?php
        echo"WELCOME ".strtoupper($_SESSION['user']);
        ?>
        <form method="get" action="searched.php">
            <label for="ques"></label>
            <input type="text" name="title" id="title" placeholder="Search...">
            <button type="submit" name="search"><i class="fa fa-search"></i></button>
        </form>
        <form method="post" action="question.php">
            <button type="submit" name="ask_ques">Ask a Question</button>
        </form>
    </body>
</html>

This file gets the input from search bar and displays the title with question and answer if any. It also contains a comment box to answer the question:

searched.php

<?php
session_start();
?>

<html>
    <head>
    </head>
    <body>
         <?php
            $conn=new mysqli("localhost","khushank","sethi","q&a");
            if($conn->connect_error){
                echo "unable to connect";
            }
            if($_SERVER['REQUEST_METHOD']=='GET'){
                if(isset($_GET['search'])){
                    $title=$_GET['title'];
                    $qsel=" SELECT title,qemail,ques FROM question WHERE title='$title' ";
                    if($qresult=$conn->query($qsel)){
                        if($qresult->num_rows==0){
                            header('location:question.php');
                        }
                        else{
                            while($qres=$qresult->fetch_assoc()){
                                echo "<strong>".ucfirst($qres['title'])."</strong><br><br>";
                                echo $qres['qemail'];
        ?> 
                                <textarea cols="65" id="qdes"><?php echo $qres['ques']; ?></textarea><br><br> 
        <?php  
                                $asel=" SELECT answer.aemail,answer.ans FROM question JOIN answer ON question.ques=answer.ques ";
                                if($aresult=$conn->query($asel)){
                                    if($aresult->num_rows>0){
                                        while($ares=$aresult->fetch_assoc()){
                                            echo"Answer:";
        ?>
                                            <textarea cols="65" id="ades"><?php echo $ares['ans']; ?></textarea><br><br>           
        <?php               
                                        }
                                    }
        ?>
                                    <form method="get" action="insertA.php?$ques='$qres['ques']'">
                                        <label for="ans"><?php 

                                            echo $_SESSION['user'];
                                        ?></label>
                                        <textarea cols="90" name="ans" placeholder="Your Answer"></textarea>
                                        <input type="submit" name="comment" value="submit">
                                    </form> 
        <?php              


                                }
                                else{
                                    echo "answer not selected";
                                }
                            } 
                        }  
                    }
                    else{
                        echo"not selected";    
                    }
                }
            }
            $conn->close();
        ?>           
    </body>
</html>

In this file answer is stored using GET method, but unable to get inserted into the database:

insert.php

<?php
require 'searched.php';
$conn=new mysqli("localhost","khushank","sethi","q&a");
if($conn->connect_error){
    echo "unable to connect";
}
echo"connected";
if($_SERVER['REQUEST_METHOD']=='GET'){
    if(isset($_GET['comment'])){
        $ans=mysql_real_escape_string($_GET['ans']);
        $username=$_SESSION['user'];
        //$ques=$_GET['$ques'];
        $insa=" INSERT INTO answer(aemail,ans) VALUES('$username','$ans') " ;
        if($conn->query($insa)){
            echo"inserted";
            echo"<script type='text/javascript'>".'alert("your answer is posted successfully");
            </script>';
        }
        else{
            echo"not inserted";
        }
    }
}
else{
    echo"1";
}
$conn->close();
?>

I'm unable to insert the values stored in $ans.

dongyun65343
dongyun65343 您的代码容易受到SQL注入攻击。您应该使用带有绑定参数的mysqli或PDO预处理语句,如本文所述。
大约 2 年之前 回复

2个回答

the problem is you can not write php direct into html. watch your search.php form tag. use this.

<form method="get" action="insert.php?<?php echo "$ques='".$qres['ques']."'">

and one more thing your page name is just insert.php not insertA.php

doushuangai9733
doushuangai9733 谢谢。 这对我有帮助
大约 2 年之前 回复

Here is the corrected solution to your problem. Though I do not see your schema, it looks like it is a bit wrong since you are joining the table using question field which according to your question is likely of string datatype. So here is the proposed db structure:

Question table:

DROP TABLE IF EXISTS `question`;
CREATE TABLE IF NOT EXISTS `question` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `title` varchar(50) NOT NULL,
  `qemail` varchar(100) NOT NULL,
  `que` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;
--
-- Dumping data for table `question`
--    
INSERT INTO `question` (`id`, `title`, `qemail`, `que`) VALUES
(1, 'Physics', 'thanga@gmail.com', 'This is the quesiotn');
COMMIT;

Answer Table:

CREATE TABLE IF NOT EXISTS `answer` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `questionid` int(11) NOT NULL,
  `aemail` varchar(100) NOT NULL,
  `ans` text NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=7 DEFAULT CHARSET=latin1;
--
-- Dumping data for table `answer`
--
INSERT INTO `answer` (`id`, `questionid`, `aemail`, `ans`) VALUES
(1, 1, 'thanga@gmail.com', 'My answer is here'),
(2, 1, 'Khuskant', 'The new answer');

We add the question id in the answer table as we need it for joining both tables. It means we relation using the question id.

Change search.php to this:

<?php
session_start();
$_SESSION['user']='Khuskant'
?>
<html>
    <head></head>
    <body>
        <?php
        echo"WELCOME ".strtoupper($_SESSION['user']);
        ?>
        <form method="get" action="searched.php">
            <label for="ques"></label>
            <input type="text" name="title" id="title" placeholder="Search...">
            <button type="submit" name="search" value="token"><i class="fa fa-search"></i></button>
        </form>
        <form method="post" action="question.php">
            <button type="submit" name="ask_ques">Ask a Question</button>
        </form>
    </body>
</html>

When you submit the above form, you either go to question.php or searched.php depending on the availability of the search term in the db. If you want match the search term with the exact data stored in the question table, the following code will do: searched.php

<?php
session_start();
require_once "dbconnect.php";
?>
<html>
    <head>
    </head>
    <body class="content">
         <?php            
            if($_SERVER['REQUEST_METHOD']=='GET'){
                if(isset($_GET['search'])){
                    $title= filter_var($_GET['title'],FILTER_SANITIZE_STRING);
                    $stmt = $conn->prepare("SELECT id, title, qemail, que 
                             FROM question WHERE title=?");
                    $stmt->bind_param("s", $title);
                    $stmt->execute();
                    $result = $stmt->get_result();  
                    if($result->num_rows==0){
                        header('location:question.php');
                    }else{
                        while ($qres = $result->fetch_array(MYSQLI_ASSOC)) {
                            echo "<strong>".ucfirst($qres['title'])."</strong><br><br>";
                            echo $qres['qemail']; ?>
                            <textarea cols="65" id="qdes"><?php echo $qres['que']; ?></textarea>
                        <?php 
                            $qid = $qres['id'];
                            $aresult = $conn->query("SELECT answer.aemail, answer.ans 
                                                    FROM question 
                                                    LEFT JOIN answer ON question.id=answer.questionid
                                                    WHERE question.id=$qid");                           
                            if($aresult->num_rows>0){
                                 while($ares = $aresult->fetch_assoc()){                                        
                                      echo"<br>Answer:"; ?>
                                  <textarea cols="65" id="ades"><?php echo $ares['ans']; ?></textarea><br><br>           
                            <?php } } ?>
                            <form method="get" action="insert.php">
                               <label for="ans"><?php echo $_SESSION['user'];?></label>
                                <textarea cols="90" name="ans" placeholder="Your Answer"></textarea>
                                <input type="hidden" name="qid" value="<?php echo $qid;?>">
                                <input type="submit" name="comment" value="submit">
                            </form>
                    <?php 
                    }
                }
            }
        } ?>       
    </body>
</html>

if you want a partial match, you have to change this part of the code:

$stmt = $conn->prepare("SELECT id, title, qemail, que 
                        FROM question WHERE title=?");
$stmt->bind_param("s", $title);

to

$stmt = $conn->prepare("SELECT id, title, qemail, que 
                        FROM question WHERE title LIKE ?");
$stmt->bind_param("s", $title."%");

Change the insert.php to:

<?php
session_start();
require 'dbconnect.php';
if($_SERVER['REQUEST_METHOD']=='GET'){
    if(isset($_GET['comment'])){
        $ans=filter_var($_GET['ans'], FILTER_SANITIZE_STRING);
        $qid=filter_var($_GET['qid'], FILTER_SANITIZE_NUMBER_INT);
        $username=$_SESSION['user'];
        $insa= $conn->prepare("INSERT INTO answer(questionid, aemail, ans) VALUES(?,?,?)");
        $insa->bind_param('iss', $qid, $username, $ans);
        $insa->execute();
        if($insa->affected_rows>0){
            echo $insa->affected_rows." rows inserted";
            exit;           
        } else{
            echo"not inserted";
            exit;
        }
    }
}
else{
    echo "1";
}
$conn->close();
?>

dbconnect.php

$conn = new mysqli("localhost", "user", "pass", "testdb");
if ($conn->connect_errno) {
    echo "Failed to connect to MySQL: " . $conn->connect_error;
}

Put them all in the same directory, it will works. Hope this helps you.

doudang9147
doudang9147 如果它有帮助,您可以单击勾选图标以接受它可以帮助您。 我们这样做是为了在这里获得声誉。
大约 2 年之前 回复
dozrhldy285751
dozrhldy285751 谢谢你。我帮了很多忙
大约 2 年之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问