每次都会添加一条额外的 Sql 条记录
An extra Sql record is being added everytime
我正在开发一个聊天网络应用程序。问题是每当加载页面时,每次都会将一条空消息插入数据库。
代码如下
<!-- Insert MySQL datbase into HTML -->
<?php
$connection = mysqli_connect("localhost", "root", "", "tru");
$query = "SELECT * FROM shouts ORDER BY id Desc LIMIT 8";
$shouts = mysqli_query($connection, $query);
?>
<!-- Insert MySQL datbase into HTML -->
<?php while ($row = mysqli_fetch_assoc($shouts)) : ?>
<li> <?php echo $row['shout']; ?> <b> Sent at </b><?php echo $row['Time']; ?></li>
<?php endwhile; ?>
</ul>
</div>
<footer>
<form action="index.php" method="post">
<label>Shout Text: </label>
<input type="text" name="shout" placeholder="Enter your message here">
<input type="submit" id="submit" value="SHOUT!" >
</form>
<?php
<!-- Insert into MySQL datbase -->
$link = mysqli_connect("localhost", "root", "", "tru");
$sql = "INSERT INTO shouts (name,shout) VALUES ('$_POST[name]','$_POST[shout]')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
</footer>
</div>
</body>
</html>
<?php
if(isset($_POST["name"])){
$link = mysqli_connect("localhost", "root", "", "tru");
$sql = "INSERT INTO shouts (name,shout) VALUES ('$_POST[name]','$_POST[shout]')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
}
else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
}
用一个 if 语句就解决了。如果设置了 POST 名称变量,它只会添加一条记录。
你无条件insert连续,所以这是意料之中的。那么,应该具备怎样的条件呢?当然,在页面加载时您不想 insert 大喊大叫,只希望在 POST 上大喊大叫。所以你需要测试请求是否是 post:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// insert the row
}
但即使是POST,也需要测试是否有效,所以查名字喊:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ((isset($_POST["name"])) && (isset($_POST["shout"])) && ($_POST["name"]) && ($_POST["shout"])) {
//insert the row
}
}
不过要注意 SQL injection。
我正在开发一个聊天网络应用程序。问题是每当加载页面时,每次都会将一条空消息插入数据库。
代码如下
<!-- Insert MySQL datbase into HTML -->
<?php
$connection = mysqli_connect("localhost", "root", "", "tru");
$query = "SELECT * FROM shouts ORDER BY id Desc LIMIT 8";
$shouts = mysqli_query($connection, $query);
?>
<!-- Insert MySQL datbase into HTML -->
<?php while ($row = mysqli_fetch_assoc($shouts)) : ?>
<li> <?php echo $row['shout']; ?> <b> Sent at </b><?php echo $row['Time']; ?></li>
<?php endwhile; ?>
</ul>
</div>
<footer>
<form action="index.php" method="post">
<label>Shout Text: </label>
<input type="text" name="shout" placeholder="Enter your message here">
<input type="submit" id="submit" value="SHOUT!" >
</form>
<?php
<!-- Insert into MySQL datbase -->
$link = mysqli_connect("localhost", "root", "", "tru");
$sql = "INSERT INTO shouts (name,shout) VALUES ('$_POST[name]','$_POST[shout]')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
</footer>
</div>
</body>
</html>
<?php
if(isset($_POST["name"])){
$link = mysqli_connect("localhost", "root", "", "tru");
$sql = "INSERT INTO shouts (name,shout) VALUES ('$_POST[name]','$_POST[shout]')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
}
else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
}
用一个 if 语句就解决了。如果设置了 POST 名称变量,它只会添加一条记录。
你无条件insert连续,所以这是意料之中的。那么,应该具备怎样的条件呢?当然,在页面加载时您不想 insert 大喊大叫,只希望在 POST 上大喊大叫。所以你需要测试请求是否是 post:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// insert the row
}
但即使是POST,也需要测试是否有效,所以查名字喊:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ((isset($_POST["name"])) && (isset($_POST["shout"])) && ($_POST["name"]) && ($_POST["shout"])) {
//insert the row
}
}
不过要注意 SQL injection。