The code below allows my users to add an item ($site) to a table ($find). It works well. But every once in a while, it adds a blank value to the table in addition to the one the value the user adds.

下面的代码允许我的用户将一个项目($ site)添加到表($ find)。它运作良好。但是每隔一段时间,除了用户添加的值之外,它还会向表中添加一个空白值。

Any ideas why?

有什么想法吗?

Thanks in advance,

提前致谢,

John

<?

$find1 = urlencode($find); 

print   "<div class=\"siteadd\">
        <form action='bookprocess.php?find=$find1' method='post'>
        Add an item: <input name='site' type='text' size='50'>
        <input type='submit' value='Submit'>
        </form> 
        </div>";
?>

Then, on bookprocess.php:

然后,在bookprocess.php上:

<?
$remove_array = array('http://www.', 'http://', 'https://', 'https://www.', 'www.');
$site = str_replace($remove_array, "", $_POST['site']);
$site = strtolower($site);

function check_porn_terms($input){
     $porn_terms = array(here are a lot of swear words and porn terms); //add terms here
     foreach($porn_terms as $term){
          if(substr_count($input, $term) > 0) return false;
     }

     return true;
}


if(!check_porn_terms($_POST['site']))
{

   session_write_close();
   header("Location:http://www.site.com/index.php");
   exit;

}


mysql_connect("mysqlv10", "username", "password") or die(mysql_error());
mysql_select_db("bookfeather") or die(mysql_error());

$_GET['find'] = $find;
$find = urldecode($find);
$find = mysql_real_escape_string($find);

$site = mysql_real_escape_string($site);
$illegal = array("/", "\"");
$site = str_replace($illegal, '', $site);

mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
?>

1 个解决方案

if(trim($find) && trim($site)) {
  mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
} else {
  print "You must enter values!";
}

#1

if(trim($find) && trim($site)) {
  mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
} else {
  print "You must enter values!";
}