我正在开发一个聊天网络应用程序。问题是,每当加载页面时,都会在数据库中插入空消息。
代码如下
<!-- Insert MySQL datbase into HTML -->
<?php
$connection = mysqli_connect("localhost", "root", "", "tru");
$query = "SELECT * FROM shouts ORDER BY id Desc LIMIT 8";
$shouts = mysqli_query($connection, $query);
?>
<!-- Insert MySQL datbase into HTML -->
<?php while ($row = mysqli_fetch_assoc($shouts)) : ?>
<li> <?php echo $row['shout']; ?> <b> Sent at </b><?php echo $row['Time']; ?></li>
<?php endwhile; ?>
</ul>
</div>
<footer>
<form action="index.php" method="post">
<label>Shout Text: </label>
<input type="text" name="shout" placeholder="Enter your message here">
<input type="submit" id="submit" value="SHOUT!" >
</form>
<?php
<!-- Insert into MySQL datbase -->
$link = mysqli_connect("localhost", "root", "", "tru");
$sql = "INSERT INTO shouts (name,shout) VALUES ('$_POST[name]','$_POST[shout]')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
</footer>
</div>
</body>
</html>
<?php
if(isset($_POST["name"])){
$link = mysqli_connect("localhost", "root", "", "tru");
$sql = "INSERT INTO shouts (name,shout) VALUES ('$_POST[name]','$_POST[shout]')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
}
else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
}
用if句你就解决了。只有当POST名称变量为isset时,它才会添加一条记录。
您无条件地insert
一行,所以这是一种预期。那么,条件应该是什么呢?当然,在页面加载时,您不希望insert
一个呼喊,只希望在POST上。因此,您需要测试请求是否为post:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// insert the row
}
但是即使它是POST,您也需要测试它是否有效,所以检查name和shout:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ((isset($_POST["name"])) && (isset($_POST["shout"])) && ($_POST["name"]) && ($_POST["shout"])) {
//insert the row
}
}
注意SQL注入