douaipi3965 2012-07-16 13:47

Prevent math expressions in an input field from being executed when adding values to MySQL (PHP)

I have set up the following form:

<form name="pric" method="post" action="up.php">
    <div id="prices_col">Season A<br>
        <input type='text' name="date0" maxlength="13" size="15" style="font-size: 9px;" value="<?php echo $_date[0]?>" />
    </div>
    <div align="middle"><input type="submit" value="EDIT"></div>
</form>

The information in the database right now is like this ($_date[0] contains):

04/06 - 25/06

After posting the information, it decided to run the expression and I got something like:

-1.333333333

I use the following code:

$_date[0] = trim($_POST["date0"]);
mysql_query("UPDATE price SET _date=".$_date[0]." WHERE id='0'") or die(mysql_error());

How can I stop it from executing? I need to store the value as plain text in the database.

1 answer

  • doushi1974 2012-07-16 14:17
    mysql_query("UPDATE `price` SET `_date`='".mysql_real_escape_string(trim($_POST["date0"]))."' WHERE `id`=0") or die(mysql_error());
    

    as _date is a text field and mysql_real_escape_string for security

    This answer was selected by the asker as the best answer.
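
An added example, not part of the original question or answer: it reproduces the unquoted concatenation from the question next to a bound-parameter update, which keeps the value out of the SQL text entirely. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, `storedDate` is a hypothetical helper, and the second sample input is constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the page's
// MySQL server so the script runs offline; table/column names follow the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE price (id INTEGER PRIMARY KEY, _date TEXT)');
$pdo->exec("INSERT INTO price (id, _date) VALUES (0, '')");

// Constructed sample inputs: the value from the question, and one with quotes.
$samples = ["04/06 - 25/06", "04/06 - 25/06 'peak'"];

// Hypothetical helper: read back what the row currently holds.
function storedDate(PDO $pdo): string
{
    return (string) $pdo->query('SELECT _date FROM price WHERE id = 0')->fetchColumn();
}

// 1) The question's pattern: the value is pasted into the statement unquoted,
//    so the server parses it as the arithmetic expression (4/6) - (25/6).
//    SQLite divides integers here and MySQL returns a decimal; either way the
//    original text is lost.
$pdo->exec('UPDATE price SET _date=' . $samples[0] . ' WHERE id = 0');
printf("concatenated, unquoted : %s\n", storedDate($pdo));

// 2) Bound parameters: the statement text is fixed and the value travels
//    separately as data, so it is never parsed as SQL, quotes included.
$update = $pdo->prepare('UPDATE price SET _date = :d WHERE id = :id');
foreach ($samples as $input) {
    $value = trim($input);
    $update->execute([':d' => $value, ':id' => 0]);
    $stored = storedDate($pdo);
    printf(
        "bound parameter        : %s (%s)\n",
        $stored,
        $stored === $value ? 'stored verbatim' : 'MISMATCH'
    );
}
```

With MySQL the same prepared-statement calls apply; only the PDO connection string changes.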
