gpt4 book ai didi

php - 使用 PHP 和页面安全性将记录添加到 MySQL

转载 作者:行者123 更新时间:2023-11-29 12:59:24 26 4
gpt4 key购买 nike

这是创建一个 PHP 页面以将数据添加到表中的努力。我在第 79 行遇到解析错误,所以我已经摆弄它有一段时间了:

Parse error: syntax error, unexpected T_STRING in /home/sharah19/dev.rahmaninet.org/new.php on line 79

我还有另一个问题:确保此页面安全的最简单方法是什么?那么只有通过登录页面验证的用户才能添加记录?

new.php的内容:

<?php
/*
NEW.PHP
Allows user to create a new entry in the database
*/

// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($first, $last,$email, $error)
{

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Add a New Record</title>
<link href="rahmani.css" rel="stylesheet">
</head>
<body>
<div id="main">
<h1>RahmaniNET CRM System</h1>
<?php include("header.php"); ?>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>

<form action="" method="post">
<div>
<strong>First Name: *</strong> <input type="text" name="first_name" value="<?php echo $first_name; ?>" /><br/>
<strong>Last Name: *</strong> <input type="text" name="last_name" value="<?php echo $last_name; ?>" /><br/>
<strong>email: *</strong> <input type="text" name="email" value="<?php echo $email; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">


</div>
</div>
</form>
</body>
</html>
<?php
}




// connect to the database
include('connect-db.php');


// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$first_name = mysql_real_escape_string(htmlspecialchars($_POST['first_name']));
$last_name = mysql_real_escape_string(htmlspecialchars($_POST['last_name']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));

// check to make sure both fields are entered
if ($first_name == '' || $last_name == ''|| $email == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

// if either field is blank, display the form again
renderForm($first_name, $last_name, $email, $error);
}
else
{
// save the data to the database
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email' )
or die(mysql_error());

// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('$first', '$last','$email', $error);
}
?>

最佳答案

错误来自于 MySQL 查询缺少结束引号:

mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email   ='$email') or die(mysql_error());

应该是:

mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email   ='$email'") or die(mysql_error());

你还问:

Also I have another question: Whats the easiest way to make this page secure? So only users who are authenticated through the login page can add a record?

如果您使用 Apache,那么您应该使用 Apache AuthType Basic。更多详情are here 。详情请参阅“Getting it working.”

关于php - 使用 PHP 和页面安全性将记录添加到 MySQL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23568744/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com