将表单数据传递给 php 变量。变量似乎是空的
Issue passing form data to php variable. Variable seems empty
我是 PHP/MySQL 的菜鸟。我一直在环顾四周,但我不知道出了什么问题。脚本的目的:更新数据库中 item 1 和 item 2 的值,用户 ID 在 txtUser.
中输入
当我在查询中使用 userId 附近的 "fixed" 值时,我的脚本开始工作。但是,当我尝试使用变量($player)时,它不起作用。好像我的变量是空的...
HTML:
<body>
<form id="form1" action="http://www.something.com/TestScript1.php" method="post" enctype="application/x-www-form-urlencoded">
<div>
<button type="submit" id="submit" value="Submit" title="SAVE">SAVE</button>
</div>
<div>
<input id="txtUser" name="txtUser" type="text" />
<input id="txtItem1" name="txtItem1" type="text" />
<input id="txtItem2" name="txtItem2" type="text" />
</div>
</form>
</body>
PHP :
$host = "localhost";
$user = "username";
$password = "password";
$database = "database";
$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
mysqli_select_db($connection,$database) or die ("couldn’t select database");
$item1 = mysqli_real_escape_string($connection,$_POST['txtItem1']);
$item2 = mysqli_real_escape_string($connection,$_POST['txtItem2']);
$query = "UPDATE table SET item1=$item1, item2=$item2 WHERE userId=$player";
$result = mysqli_query($connection,$query)
or die ("couldn’t execute update query: ".mysqli_error($connection));
echo "<h4>Data saved in the database</h4>";
mysqli_close($connection);
?>
请把这行放在
$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
$连接后
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
喜欢
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
因为你在 mysqli_real_escape_string 中使用 $connection 变量,甚至在它初始化之前
未为行
定义 $connection
$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
请在创建 $connection 后移动此行
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
<?php
$host = "localhost";
$user = "username";
$password = "password";
$database = "database";
$conn = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
mysqli_select_db($conn,$database) or die ("couldn't select database");
/* The $conn object must be declared before first / any calls to mysqli_real_escape_string */
$player = mysqli_real_escape_string($conn,$_POST['txtUser']);
$item1 = mysqli_real_escape_string($conn,$_POST['txtItem1']);
$item2 = mysqli_real_escape_string($conn,$_POST['txtItem2']);
/* Values in query should be encapsulated in quotes if they are strings.. are they? */
$query = "UPDATE `table` SET `item1`='$item1', `item2`='$item2' WHERE userId='$player';";
/* Try not to reveal too many details in the event of an error, reduce the attack surface if possible! */
$result = mysqli_query($conn,$query) or die ("update failed: ");
echo "<h4>Data saved in the database</h4>";
mysqli_close($conn);
?>
我是 PHP/MySQL 的菜鸟。我一直在环顾四周,但我不知道出了什么问题。脚本的目的:更新数据库中 item 1 和 item 2 的值,用户 ID 在 txtUser.
当我在查询中使用 userId 附近的 "fixed" 值时,我的脚本开始工作。但是,当我尝试使用变量($player)时,它不起作用。好像我的变量是空的...
HTML:
<body>
<form id="form1" action="http://www.something.com/TestScript1.php" method="post" enctype="application/x-www-form-urlencoded">
<div>
<button type="submit" id="submit" value="Submit" title="SAVE">SAVE</button>
</div>
<div>
<input id="txtUser" name="txtUser" type="text" />
<input id="txtItem1" name="txtItem1" type="text" />
<input id="txtItem2" name="txtItem2" type="text" />
</div>
</form>
</body>
PHP :
$host = "localhost";
$user = "username";
$password = "password";
$database = "database";
$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
mysqli_select_db($connection,$database) or die ("couldn’t select database");
$item1 = mysqli_real_escape_string($connection,$_POST['txtItem1']);
$item2 = mysqli_real_escape_string($connection,$_POST['txtItem2']);
$query = "UPDATE table SET item1=$item1, item2=$item2 WHERE userId=$player";
$result = mysqli_query($connection,$query)
or die ("couldn’t execute update query: ".mysqli_error($connection));
echo "<h4>Data saved in the database</h4>";
mysqli_close($connection);
?>
请把这行放在
$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
$连接后
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
喜欢
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
因为你在 mysqli_real_escape_string 中使用 $connection 变量,甚至在它初始化之前
未为行
定义 $connection$player = mysqli_real_escape_string($connection,$_POST['txtUser']);
请在创建 $connection 后移动此行
$connection = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
<?php
$host = "localhost";
$user = "username";
$password = "password";
$database = "database";
$conn = mysqli_connect($host,$user,$password,$database) or die ("connection to server failed");
mysqli_select_db($conn,$database) or die ("couldn't select database");
/* The $conn object must be declared before first / any calls to mysqli_real_escape_string */
$player = mysqli_real_escape_string($conn,$_POST['txtUser']);
$item1 = mysqli_real_escape_string($conn,$_POST['txtItem1']);
$item2 = mysqli_real_escape_string($conn,$_POST['txtItem2']);
/* Values in query should be encapsulated in quotes if they are strings.. are they? */
$query = "UPDATE `table` SET `item1`='$item1', `item2`='$item2' WHERE userId='$player';";
/* Try not to reveal too many details in the event of an error, reduce the attack surface if possible! */
$result = mysqli_query($conn,$query) or die ("update failed: ");
echo "<h4>Data saved in the database</h4>";
mysqli_close($conn);
?>