The code below allows my users to add an item ($site) to a table ($find). It works well. But every once in a while, it adds a blank value to the table in addition to the one the value the user adds.
下面的代码允许我的用户将一个项目($ site)添加到表($ find)。它运作良好。但是每隔一段时间,除了用户添加的值之外,它还会向表中添加一个空白值。
Any ideas why?
有什么想法吗?
Thanks in advance,
提前致谢,
John
<?
$find1 = urlencode($find);
print "<div class=\"siteadd\">
<form action='bookprocess.php?find=$find1' method='post'>
Add an item: <input name='site' type='text' size='50'>
<input type='submit' value='Submit'>
</form>
</div>";
?>
Then, on bookprocess.php:
然后,在bookprocess.php上:
<?
$remove_array = array('http://www.', 'http://', 'https://', 'https://www.', 'www.');
$site = str_replace($remove_array, "", $_POST['site']);
$site = strtolower($site);
function check_porn_terms($input){
$porn_terms = array(here are a lot of swear words and porn terms); //add terms here
foreach($porn_terms as $term){
if(substr_count($input, $term) > 0) return false;
}
return true;
}
if(!check_porn_terms($_POST['site']))
{
session_write_close();
header("Location:http://www.site.com/index.php");
exit;
}
mysql_connect("mysqlv10", "username", "password") or die(mysql_error());
mysql_select_db("bookfeather") or die(mysql_error());
$_GET['find'] = $find;
$find = urldecode($find);
$find = mysql_real_escape_string($find);
$site = mysql_real_escape_string($site);
$illegal = array("/", "\"");
$site = str_replace($illegal, '', $site);
mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
?>
1 个解决方案
#1
You should check to be sure the user actually entered something.
您应该检查以确保用户确实输入了某些内容。
Something along the lines of:
有点像:
if(trim($find) && trim($site)) {
mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
} else {
print "You must enter values!";
}
#1
You should check to be sure the user actually entered something.
您应该检查以确保用户确实输入了某些内容。
Something along the lines of:
有点像:
if(trim($find) && trim($site)) {
mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
} else {
print "You must enter values!";
}