我对php的所有东西都是全新的,但我已经设法将下面的表格拼凑在一起。但出于某种我不明白的原因,每次我点击提交按钮,它都会转到一个值为0的新页面。这是页面
http://upcycledonline.com/test/Site/myform2.php
<?php
if($_POST['formSubmit'] == "Submit"){
$errorMessage = "";
if(empty($_POST['formEmail'])){
$errorMessage .= "<li>You forgot to enter your email</li>";
}
$varEmail = ($_POST['formEmail'].mysql_real_escape_string);
//$varEmail = $_POST['formEmail'];
if(empty($errorMessage)){
$db = mysql_connect("server","id","password");
if(!$db)
die("Error connecting to MySQL database.");
mysql_select_db("tableName" ,$db);
$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";
mysql_query($sql);
//$sql = ("INSERT INTO emails(email) VALUES ('%s')".mysql_real_escape_string($varEmail));
//$results = mysql_query($sql);
//$sql = "INSERT INTO emails (emails)"
//. "VALUES ('{$varEmail}');
//mysql_query($sql);
// echo "Details added";
// $_SESSION['status'] = 'success';
}
//header("Location: thankyou.html");
exit();
}
function PrepSQL($value){
// Stripslashes
if(get_magic_quotes_gpc()){
$value = stripslashes($value);
}
// Quote
//this is how I should be doing the escape thing
$value = "'" . mysql_real_escape_string($value) . "'";
return($value);
}
?>
这里是形式
<?php
if(!empty($errorMessage)){
echo("<p>There was an error with your form:</p>'n");
echo("<ul>" . $errorMessage . "</ul>'n");
}
?>
<form id="emailForm" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"
method="post" onSubmit="alert('Thank you. Your email has been added.')">
<label for='formEmail'>Sign up to be notified when we go live!</label><br/>
<input type="text" name="formEmail" maxlength="50" value="<?=$varEmail;?>" />
<input type="submit" name="formSubmit" value="Submit" />
</form>
如果它们在一个文件中,它仍然有一些问题。
而不是:
$varEmail = ($_POST['formEmail'].mysql_real_escape_string);
尝试:
$varEmail = mysql_real_escape_string($_POST['formEmail']);
这将把代码带到mysql部分,然后它将退出。
header命令可用于重定向到"thank you"页面,或者在成功或失败时返回。
然后在数据库中查找数据。:)
顺便说一句:
您几乎在PrepSql函数中拥有它,但没有使用它。
你可以这样做:$varEmail = PrepSql($_POST['formEmail']);
不过要注意额外的"。
为尽早学会逃避数据而欢呼!:)
编辑:您可能会在表单的输入行中得到一个错误,它说<?$varEmail;?>
…
在这里你使用"短标签",这意味着你跳过"php":<?php echo $myVar;?>
。还缺少"echo"
您可以直接删除这部分-因为您从用户输入中获得值。
这将在我的机器上响应我的输入(为测试注释掉sql):
<?php
if($_POST['formSubmit'] == "Submit")
{
$errorMessage = "";
if(empty($_POST['formEmail']))
{
$errorMessage .= "<li>You forgot to enter your email</li>";
}
$varEmail = PrepSql($_POST['formEmail']);
//$varEmail = $_POST['formEmail'];
if(empty($errorMessage))
{
/*$db= mysql_connect("server","id","password");
if(!$db) die("Error connecting to MySQL database.");
mysql_select_db("tableName" ,$db);*/
echo $varEmail;
//$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";
//mysql_query($sql);
//$sql = ("INSERT INTO emails(email) VALUES ('%s')".mysql_real_escape_string($varEmail));
//$results = mysql_query($sql);
//$sql = "INSERT INTO emails (emails)"
//. "VALUES ('{$varEmail}');
//mysql_query($sql);
// echo "Details added";
// $_SESSION['status'] = 'success';
}
//header("Location: thankyou.html");
exit();
}
function PrepSQL($value)
{
// Stripslashes
if(get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote
//this is how I should be doing the escape thing
//$value = "'" . mysql_real_escape_string($value) . "'";
$value = mysql_real_escape_string($value);
return($value);
}
if(!empty($errorMessage))
{
echo("<p>There was an error with your form:</p>'n");
echo("<ul>" . $errorMessage . "</ul>'n");
}
?>
<form id="emailForm" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" onSubmit="alert('Thank you. Your email has been added.')">
<label for='formEmail'>Sign up to be notified when we go live!</label><br/>
<input type="text" name="formEmail" maxlength="50" />
<input type="submit" name="formSubmit" value="Submit" />
</form>