Question

i veri gönderen bir PHP iletişim formu ve bir e-posta var ...:

<?php 
$dbh=mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("guest"); 

if (isset($_POST['submit'])) { 

if (!$_POST['name'] | !$_POST['email']) 
{
echo"<div class='error'>Error<br />Please provide your Name and Email Address so we may properly contact you.</div>";
}
else
{
$age = $_POST['age']; 
$name = $_POST['name'];
$gender = $_POST['gender'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$comments = $_POST['comments'];

$query = "INSERT INTO contact_us (age,name,gender,email,phone,comments)
VALUES ('$age','$name','$gender','$email','$phone','$comments')";

mysql_query($query);

mysql_close();

$yoursite = "Mysite ";
$youremail = $email;

$subject = "Website Guest Contact Us Form";
$message = "$name would like you to contact them 
                            Contact PH:  $phone
Email:  $email
Age: $age
Gender: $gender
Comments:  $comments";

$email2 = "my@email.com";

mail($email2, $subject, $message, "From: $email");

echo"<div class='thankyou'>Thank you for contacting us,<br /> we will respond as soon as we can.</div>";

}
}
?>

The email is coming through fine, but the data is not storing the dbase... am i missing something? Its the same script as i use on another contact us page, only difference is instead of parsing the data on teh same page, i now send this data to a "thankyou.php" page... i tried changing $_POST to $_GET but that killed the page... what am i doing wrong?

Answer 1

Her şeyden önce, you must escape your data SQL sorgusu onları enjekte önce.

Bu böyle, mysql_real_escape_string fonksiyonu kullanılarak yapılabilir:

$name = mysql_real_escape_string($_POST['name']);
// ... same for other fields that contain strings
$comments = mysql_real_escape_string($_POST['comments']);

This will ensure that quotes in your data are escaped, and don't mess with the ones that are arround the fields' data in the SQL query, first.

Ve ikinci olarak, bu önlemeye yardımcı olacak SQL Injections.

Also, in case of an error during the execution of a query, mysql_query will return false -- which means you should test the value returned by that function -- to possibly log the cause of the error :

$result = mysql_query($query);
if ($result === false) {
    // An error has occured...
    echo mysql_error();
}

Not: Burada, ben sadece hata mesajı görüntülenir - ama bunun yerine üretim uygulama koymadan önce, (to a file, for instance) yerde hata oturum gerekir: Kullanıcıların ihtiyaç (nor want) görmek gerekmez herhangi bir teknik hata mesajı!

Answer 2

Başarısız olmadığını görmek için mysql_query(...) sonucunu kontrol ediniz. Başarısız olmasaydı, MySQL kesinlikle sizin için depolanan bilgileri olmalıdır.

mySQL veri kaydetme değil?

2 Cevap

etiketler