Good Day,每次刷新php文件时,成功的警报总是会出现,甚至在按下提交按钮之前,因此在我的数据库中显示空数据。
我需要帮助,因为没有显示任何警告或错误。提前感谢您的帮助。
PHP:
session_start(
);
require 'Connect.php';
if(empty($_POST['FirstName']))
$FirstName = '';
else
$FirstName = ($_POST['FirstName']);
if(empty($_POST['LastName']))
$LastName = '';
else
$LastName = ($_POST['LastName']);
if(empty($_POST['Gender']))
$Gender = '';
else
$Gender = ($_POST['Gender']);
if(empty($_POST['UserName']))
$UserName = '';
else
$UserName = ($_POST['UserName']);
if(empty($_POST['Password']))
$Password = '';
else
$Password = ($_POST['Password']);
if(empty($_POST['reEnterPassword']))
$reEnterPassword = '';
else
$reEnterPassword = ($_POST['reEnterPassword']);
if(empty($_POST['EmailAdd']))
$EmailAdd = '';
else
$EmailAdd = ($_POST['EmailAdd']);
if(empty($_POST['reEnterEmailAdd']))
$reEnterEmailAdd = '';
else
$reEnterEmailAdd = ($_POST['reEnterEmailAdd']);
$sql = " INSERT INTO User(FirstName, LastName, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$UserName', '$Password', '$reEnterPassword', '$EmailAdd', '$reEnterEmailAdd'); ";
$result = mysql_query($sql);
if (!$result){
die('Invalid Input: ' . mysql_error().$sql);
}
else{
echo "<script> alert('Successfully Added'); </script> ";
}
?>
$FirstName = (isset($_POST['FirstName'])&&$_POST['FirstName']!='')?$_POST['FirstName']:die("required");
对每个变量执行此操作。然后执行查询。它不会添加空数据。
正如@Machavity所说,为了防止SQL injection。看看这个:
http://php.net/manual/en/ref.pdo-mysql.php
绑定变量,而不是直接将其插入查询中。