doudun1029 2011-08-04 18:50
浏览 49

验证表单字段以发送到数据库

im currently sumitting info the database via a form i have created:

<form method="post" action="send.php">
    <input type="text" name="firstname" id="firstname" class="yourinfo" ><br/>
    <input type="text" name="lastname" id="lastname" value="Last Name" onFocus=this.value='' class="yourinfo"><br/>
    <input type="text" name="email" id="email" value="Email Address" onFocus=this.value='' class="yourinfo"><br/>
    <input type="text" name ="date" id="datepicker" value="Enter Your Prediction" onFocus=this.value='' class="yourinfo"><br/>
    <input type="submit" value="submit" >
    </form>

i then have my php which is submitting it to the database:

<?php


$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$datepicker = $_POST['date'];

//get the correct format
$new_date = date('Y-m-d',strtotime($_POST['date']));

mysql_connect ("localhost", "user", "pass") or die ('Error: ' . mysql_error());
mysql_select_db ("database");

$query="INSERT INTO table (id, firstname, lastname, email, date) 
VALUES ('NULL', '".$firstname."', '".$lastname."', '".$email."',   '".mysql_real_escape_string($new_date)."')";


mysql_query($query) or die (mysql_error());  


header('Location: table.php');
?>

ive been told that i MUST validate the form before submittin anything to the database but im not entirely sure on how to do this, i know it something to do with mysql_real_escape_string() but im a little unsure of what to do

hope you can help

Here are the errors:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'gezzamon'@'localhost' (using password: NO) in /home/gezzamon/public_html/allymccoist/send.php on line 4

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/gezzamon/public_html/allymccoist/send.php on line 4

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'gezzamon'@'localhost' (using password: NO) in /home/gezzamon/public_html/allymccoist/send.php on line 5

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/gezzamon/public_html/allymccoist/send.php on line 5

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'gezzamon'@'localhost' (using password: NO) in /home/gezzamon/public_html/allymccoist/send.php on line 6

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/gezzamon/public_html/allymccoist/send.php on line 6

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'gezzamon'@'localhost' (using password: NO) in /home/gezzamon/public_html/allymccoist/send.php on line 7

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/gezzamon/public_html/allymccoist/send.php on line 7

Warning: Cannot modify header information - headers already sent by (output started at /home/gezzamon/public_html/allymccoist/send.php:4) in /home/gezzamon/public_html/allymccoist/send.php on line 23
  • 写回答

2条回答 默认 最新

  • doumi7861 2011-08-04 18:53
    关注

    You can at least check if they are empty or not, and use a regular expression to validate the email. Also use PDO for your database, it will protect you from all forms of SQL Injection.

    There are plenty of tutorials about PDO on the internet.

    评论

报告相同问题?

悬赏问题

  • ¥15 微带串馈天线阵列每个阵元宽度计算
  • ¥15 keil的map文件中Image component sizes各项意思
  • ¥30 BC260Y用MQTT向阿里云发布主题消息一直错误
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据
  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 Centos / PETGEM
  • ¥15 划分vlan后不通了
  • ¥20 用雷电模拟器安装百达屋apk一直闪退