这是一个创建PHP页面向表中添加数据的尝试。我在第79行得到一个解析错误,所以我已经摆弄了一段时间:
Parse error: syntax error, unexpected T_STRING in /home/sharah19/dev.rahmaninet.org/new.php on line 79
我也有另一个问题:什么是最简单的方法,使这个页面安全?所以只有通过登录页面进行身份验证的用户才能添加记录?
new.php:<?php
/*
NEW.PHP
Allows user to create a new entry in the database
*/
// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($first, $last,$email, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Add a New Record</title>
<link href="rahmani.css" rel="stylesheet">
</head>
<body>
<div id="main">
<h1>RahmaniNET CRM System</h1>
<?php include("header.php"); ?>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<div>
<strong>First Name: *</strong> <input type="text" name="first_name" value="<?php echo $first_name; ?>" /><br/>
<strong>Last Name: *</strong> <input type="text" name="last_name" value="<?php echo $last_name; ?>" /><br/>
<strong>email: *</strong> <input type="text" name="email" value="<?php echo $email; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('connect-db.php');
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$first_name = mysql_real_escape_string(htmlspecialchars($_POST['first_name']));
$last_name = mysql_real_escape_string(htmlspecialchars($_POST['last_name']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
// check to make sure both fields are entered
if ($first_name == '' || $last_name == ''|| $email == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($first_name, $last_name, $email, $error);
}
else
{
// save the data to the database
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email' )
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('$first', '$last','$email', $error);
}
?>
这个错误来自于MySQL查询缺少一个结束引号:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email') or die(mysql_error());
应该是:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email'") or die(mysql_error());
你还问:
我还有另一个问题:制作这个页面最简单的方法是什么安全吗?因此,只有通过登录页面进行身份验证的用户才能使用添加记录?
如果你正在使用Apache,那么你应该使用Apache AuthType Basic。更多细节请看这里。
您的sql字符串中缺少双引号:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email' )