
PHP won't POST to MySQL database.

I've made some PHP/HTML pages for easy inserting into one of my databases. At first it seemed to work fine, but once I tried testing more, I realized that when I try to type more than one line in my textarea (see below for the code), it won't go through to the database. I won't get any errors, but it won't be saved in the database, either. This problem also exists with the editing script I made. If I try editing the textarea, it doesn't change the database.

Codes are below.

All field types are varchar with unicode, so I can type non-English characters. The only ones that aren't are the ID (bigint) and the content (longtext) to allow lots and lots of info (theoretically, heh).

The two for adding to the database. I could probably figure out the updating one, if I knew what was wrong in general... this is my first time actually using PHP and MySQL in depth so I have absolutely no clue why it isn't working. Thanks for your help!

characteradd.php

<html>
<head>
<title>Character Add</title>
</head>
<body>
<div align="center">
<br>
<font style="font-size: 50px;"><b>Character Add</b></font><br>
Fill in everything with something.<br>
<br>
<form action="charinsert.php" method="post">
<table>
<tr>
<td>Name:</td><td><input type="text" name="name"><br></td>
<td>Story:</td><td><input type="text" name="story"><br></td>
</tr><tr>
<td>Deity Group?</td><td><input type="text" name="deity"><br></td>
<td>Country:</td><td><input type="text" name="country"><br></td>
</tr><tr>
<td>City:</td><td><input type="text" name="city"><br></td>
<td>Gender:</td><td><input type="text" name="gender"><br></td>
</tr><tr>
<td>Orientation:</td><td><input type="text" name="orientation"><br></td>
<td>Age:</td><td><input type="text" name="age"><br></td>
</tr><tr>
<td>Blood Type:</td><td><input type="text" name="blood"><br></td>
<td>Occupation?</td><td><input type="text" name="occupation"><br></td>
</tr><tr>
<td>Height:</td><td><input type="text" name="height"><br></td>
<td>Weight:</td><td><input type="text" name="weight"><br></td>
</tr><tr>
<td>Hair Color:</td><td><input type="text" name="hair"><br></td>
<td>Eye Color:</td><td><input type="text" name="eye"><br></td>
</tr><tr>
<td>Race:</td><td><input type="text" name="race"><br></td>
<td>Pic Ref Preview:</td><td><input type="text" name="picpreview"><br></td>
</tr><tr>
<td>Pic Link:</td><td><input type="text" name="piclink"><br></td>
<td>Relation Link:</td><td><input type="text" name="relationlink"><br></td>
</tr><tr>
<td>Pirate Stuff</td></tr><tr>
<td>Allegiance:</td><td><input type="text" name="allegiance"><br></td>
</tr><tr>
<td>Future Stuff</td></tr><tr>
<td>Element:</td><td><input type="text" name="element"><br></td>
<td>Area:</td><td><input type="text" name="area"><br></td>
</tr><tr><td>History:</td></tr><tr>
<td colspan="4"><textarea cols="80" rows="15" name="content">
</textarea></td>
</tr>
</table>
<input type="Submit">
</form>
</div>
</body>
</html>

charinsert.php

<html>
<head>
<title>Character Added!</title>
</head>
<body>
<?php
$username="username";
$password="pass";
$database="obviously";
$host="notthis";

$name=$_POST['name'];
$story=$_POST['story'];
$deity=$_POST['deity'];
$country=$_POST['country'];
$city=$_POST['city'];
$gender=$_POST['gender'];
$orientation=$_POST['orientation'];
$age=$_POST['age'];
$blood=$_POST['blood'];
$occupation=$_POST['occupation'];
$height=$_POST['height'];
$weight=$_POST['weight'];
$hair=$_POST['hair'];
$eye=$_POST['eye'];
$race=$_POST['race'];
$picpreview=$_POST['picpreview'];
$piclink=$_POST['piclink'];
$rellink=$_POST['relationlink'];
$allegiance=$_POST['allegiance'];
$element=$_POST['element'];
$area=$_POST['area'];
$content=$_POST['content'];


mysql_connect($host,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO aliz_character VALUES ('','$story','$deity','$country','$city','$name','$gender','$orientation','$age','$blood','$occupation','$rellink','$height','$weight','$hair','$eye','$picpreview','$piclink','$allegiance','$element','$area','$race','$content')";
mysql_query($query);

mysql_close();
?>
<div align="center">
Return to <a href="dtop.php">updating page</a>.
</div>
</body>
</html>


You're not escaping any of your inputs. Anyone can type stuff into any of those inputs to easily break the query. Just try putting a single quote mark ' in any of them.

It's time to learn about PDO, prepared statements and parameter binding.

If you want to use this script as-is, call mysql_real_escape_string on every single string you put into the query.

$content = mysql_real_escape_string($_POST['content']);



Going with @Dan Grossman, my two cents: you didn't escape the ' and your textarea has a good deal of them from user input. Use mysql_error to check the error message and, as above, use real escape string or addslashes and stripslashes to code. Cheers!!
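
The PDO prepared-statement approach recommended in the first answer, as an added example that is not part of the original question or answers. It assumes a cut-down three-column version of `aliz_character`, a hypothetical helper `insertCharacter()`, and an in-memory SQLite database so that it runs offline; for MySQL only the DSN changes.

```php
<?php
// Added example: a cut-down aliz_character table (three of the page's columns).
// SQLite in memory is an assumption so the script runs offline; for MySQL use
// a DSN such as "mysql:host=$host;dbname=$database;charset=utf8mb4".
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently like a bare mysql_query().
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE aliz_character (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    story TEXT NOT NULL,
    content TEXT NOT NULL
)');

// Hypothetical helper: inserts one character row and returns its new id.
function insertCharacter(PDO $pdo, array $post): int
{
    // Name the columns explicitly so the value order cannot drift from the schema.
    $stmt = $pdo->prepare(
        'INSERT INTO aliz_character (name, story, content)
         VALUES (:name, :story, :content)'
    );
    // Bound values travel separately from the SQL text, so quotes and
    // newlines in them are stored as data and cannot terminate the string.
    $stmt->execute([
        ':name'    => $post['name'] ?? '',
        ':story'   => $post['story'] ?? '',
        ':content' => $post['content'] ?? '',
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed stand-in for $_POST: multi-line textarea text containing quotes.
$post = [
    'name'    => "D'Artagnan",
    'story'   => 'Pirate Stuff',
    'content' => "He wasn't born at sea.\r\nIt's a long story; 'quoted' words too.",
];

$id = insertCharacter($pdo, $post);

$check = $pdo->prepare('SELECT content FROM aliz_character WHERE id = :id');
$check->execute([':id' => $id]);
$stored = $check->fetchColumn();

// Compare what was stored with what was submitted.
var_dump($stored === $post['content']);
// Escape on output, not on input, when echoing stored text into HTML.
echo nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')), "\n";
```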
