-5
似乎我正在做一些非常基本的錯誤。一個簡單的程序,我想做一個比較失敗。爲什麼這裏沒有正確比較
幾個問題:1。 請求你幫我找出什麼是錯在這裏比較它保持在第一條件並打印空白 2.去我不能拿起datetimepicker1
的價值請幫忙!!
<?php
$name = trim(stripslashes($_REQUEST['name']));
$email = trim(stripslashes($_REQUEST['email']));
$phone = trim(stripslashes($_REQUEST['phone']));
$city = trim(stripslashes($_REQUEST['city']));
$datetimepicker1 = trim(stripslashes($_REQUEST['datetimepicker1']));
$placeofbirth = trim(stripslashes($_REQUEST['placeofbirth']));
$message = trim(stripslashes($_REQUEST['message']));
$response = '';
$result = -100;
//conection:
$link = mysqli_connect("localhost","admin","[email protected]","graph") or die("Error " . mysqli_error($link));
//consultation:
$query = "INSERT INTO user_msg
(user_msg_name, user_msg_email, user_msg_phone,
user_msg_city, user_msg_dob, user_msg_birthtime,
user_msg_birthplace, user_msg_messages,
user_msg_section)
values ('$name','$email','$phone',
'$city', '$datetimepicker1', '$datetimepicker1',
'$placeofbirth', '$message', 'contactus')" ;
//execute the query.
$result = $link->query($query) or die("Error in the consult.." . mysqli_error($link));
//display information:
if($result == -100)
{
$response = ' ';
}
elseif($result > 0)
{
$response = "Thank you $fname $lname for contacting us!<br/>";
}
else
{
$response = "Sorry, there has been an error, please try later.<br/>";
}
echo ' response='.$response;
?>
你是開放的SQL注入。由於您使用的是mysqli,請利用[prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)和[bind_param](http://php.net/手動/ EN/mysqli的-stmt.bind-param.php)。 **這將處理可能發生的任何討厭的引用問題。** – aynber
INSERT查詢的結果將是'TRUE'或'FALSE'因此'if($ result == -100)'是一個完整的廢話 – RiggsFolly
在$查詢 - 我不知道你可以將變量粘貼到像這樣的字符串(引號中的變量名)..然後它會知道你是否想要變量$ name的值或字符串'$ name'? – johnyTee