所以,我到处都在研究这个,我不明白为什么要插入空白。我在另一个文件中使用了几乎相同的代码,而这一个运行良好。有什么帮助吗?
<?php
//Connection
$first_name = mysqli_real_escape_string($_POST [' first_name ']) ;
$last_name = mysqli_real_escape_string($_POST [' last_name ']) ;
$email = mysqli_real_escape_string($_POST [' email ']) ;
$message = mysqli_real_escape_string($_POST [' message ']) ;
$insert_sql = "INSERT INTO generaldis (first_name, last_name, email, message)
VALUES ('$first_name', '$last_name' , '$email' , '$message');";
if (!mysql_query($insert_sql,$link))
{
die('Error: ' . mysql_error());
}
echo '<h1>Whoop! Your Message Has Been Posted!</h1><br><p><a href="http://example.com ">Click Here To Go Back</a></p>';
?>
最佳答案
试试这个:
$fields = array(
'first_name' => "/[a-zA-Z-_]+/",
'last_name' => "/[a-zA-Z-_]+/",
'email' => '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/',
'message' => null
);
$permit = true;
foreach($fields AS $field => $regexp) {
if(is_null($regexp)) continue;
if(!preg_match($regexp, $_REQUEST[$field])) {
$permit = false;
break;
}
}
if($permit) {
$query = "INSERT INTO general_dis SET ";
$values = array();
foreach($fields AS $field => $regexp) {
$value = $_REQUEST[$field];
if(is_null($regexp)) {
$value = mysql_real_escape_string($value);
}
$values[] = "`".$field."`='".$value."' ";
}
$values = implode(', ', $values);
$query .= $values;
mysql_query($query);
}