所以,我有了一切工作,然后我尝试添加重复插入防止,这一切都打破了。如果有人能帮我,那就太好了!:)
index.php:
<?php
include('dbConfig.php');
?>
<!Doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="$1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>Database Solution</title>
</head>
<body>
<?php
$barcode=$_POST['barcode']
$check=mysqli_query($conn,"select * from Barcodes where barcode='$barcode'");
$checkrows=mysqli_num_rows($check);
if(isset($_POST['save']))
{
$sql = "INSERT INTO Barcodes (barcode)
VALUES ('".$_POST["barcode"]."')";
if($checkrows>0) {
echo "barcode exists";
} else {
$result = mysqli_query($conn,$sql);
}
?>
<h2 align="center">Barcode Database</h2>
<style type="text/css">
.fieldset-auto-width {
display: inline-block;
}
</style>
<div class="form">
<form method="post" align="center">
<fieldset class="fieldset-auto-width">
<legend align="center">Enter Barcode:</legend>
<input type="text" name="barcode" size="35"><br/><br />
<button type="submit" name="save">Input</button>
</fieldset>
</form>
</div>
<p align="center">© 2018 Nathaniel</p>
</body>
</html>
dbConfig.php:
$conn=mysqli_connect("localhost","n****ec_**s","****","n******_***");
if(!$conn)
{
die("Connection failed: " . mysqli_connect_error());
}
?>
有没有办法解决这个问题?我可能是在装傻,但我希望有人能帮我解决这个问题。
发布于 2018-06-10 06:40:49
您的代码中有两个非常基本的问题。你真的应该深入了解这些问题是什么,以及如何调试它们。不管怎样,下面是代码:
<?php
include('dbConfig.php');
?>
<!Doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="$1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>Database Solution</title>
</head>
<body>
<?php
$barcode=$_POST['barcode'];
$check=mysqli_query($conn,"select * from Barcodes where barcode='$barcode'");
$checkrows=mysqli_num_rows($check);
if(isset($_POST['save']))
{
$sql = "INSERT INTO Barcodes (barcode) VALUES ('".$_POST["barcode"]."')";
if($checkrows>0) {
echo "barcode exists";
} else {
$result = mysqli_query($conn,$sql);
}
}
?>
<h2 align="center">Barcode Database</h2>
<style type="text/css">
.fieldset-auto-width {
display: inline-block;
}
</style>
<div class="form">
<form method="post" align="center">
<fieldset class="fieldset-auto-width">
<legend align="center">Enter Barcode:</legend>
<input type="text" name="barcode" size="35"><br/><br />
<button type="submit" name="save">Input</button>
</fieldset>
</form>
</div>
<p align="center">© 2018 Nathaniel</p>
</body>
</html>
第23行缺少分号
$barcode=$_POST['barcode'];
并且在if语句后缺少右括号:
if(isset($_POST['save']))
{
$sql = "INSERT INTO Barcodes (barcode) VALUES ('".$_POST["barcode"]."')";
if($checkrows>0) {
echo "barcode exists";
} else {
$result = mysqli_query($conn,$sql);
}
}
同样,就像注释所说的,尝试实现参数化查询一样,这段代码对sql注入是开放的。
发布于 2018-06-10 07:13:31
<?php
if(isset($_POST['save']))
{
$barcode=$_POST['barcode'];
$check=mysqli_query($conn,"select * from Barcodes where barcode='".$barcode."'");
$checkrows=mysqli_num_rows($check);
if($checkrows==0) {
$sql = "INSERT INTO Barcodes (barcode) VALUES ('".$_POST["barcode"]."')";
$result = mysqli_query($conn,$sql);
}else{
echo "barcode exists";
}
}
?>
https://stackoverflow.com/questions/50778946
复制相似问题