I am new to php i have made a form where i have two fields Code and Name and i need to validate the value of name that it is already in the database but when i am inserting the value in uppercase its not validating the value of name in both uppercase & lowercase vice versa here is my code
我是php的新手我已经创建了一个表单,我有两个字段Code和Name,我需要验证它已经在数据库中的名称的值,但是当我以大写形式插入值时,它不验证name的值在大写和小写中反之亦然这是我的代码
if(mysql_query("SELECT * FROM country "
."WHERE $_POST['name']='$name' and $_POST['code']='$code'" )))
{
echo "Sorry! Your details are already in our database";
} else {
[...]
}
2 个解决方案
#1
1
Basically, your columns are incorrect in your SQL statement (for one). Also, as other people have noted, please use the mysqli_* or PDO families of SQL statements.
基本上,您的SQL语句中的列不正确(对于一个)。另外,正如其他人所说,请使用mysqli_ *或PDO系列的SQL语句。
<?php
$count = 0;
$name = strtolower(mysql_real_escape_string(isset($_POST['name']) ? $_POST['name'] : ""));
$code = strtolower(mysql_real_escape_string(isset($_POST['code']) ? $_POST['code'] : ""));
$query = "SELECT name FROM country WHERE LOWER(name)='".$name."' AND LOWER(code)='".$code."'";
$result = mysql_query($query);
if($result != null)
{
$count = mysql_num_rows($result);
}
if($count <= 0)
{
echo "Sorry! Your details are already in our database";
}
else
{
// ...
}
?>
#2
-1
1) Never use $_POST directly because your code is unsafe. You need to filter this data. Here are some filter functions in PHP http://php.net/manual/fr/function.filter-var.php.
1)切勿直接使用$ _POST,因为您的代码不安全。您需要过滤此数据。以下是PHP http://php.net/manual/fr/function.filter-var.php中的一些过滤函数。
$username = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$code = filter_var($_POST['code'], FILTER_SANITIZE_STRING);
Only then you can consider querying the database with these values.
只有这样,您才可以考虑使用这些值查询数据库。
2) If available to you I recommand you to use PDO http://php.net/manual/fr/book.pdo.php
2)如果您有空,我建议您使用PDO http://php.net/manual/fr/book.pdo.php
#1
1
Basically, your columns are incorrect in your SQL statement (for one). Also, as other people have noted, please use the mysqli_* or PDO families of SQL statements.
基本上,您的SQL语句中的列不正确(对于一个)。另外,正如其他人所说,请使用mysqli_ *或PDO系列的SQL语句。
<?php
$count = 0;
$name = strtolower(mysql_real_escape_string(isset($_POST['name']) ? $_POST['name'] : ""));
$code = strtolower(mysql_real_escape_string(isset($_POST['code']) ? $_POST['code'] : ""));
$query = "SELECT name FROM country WHERE LOWER(name)='".$name."' AND LOWER(code)='".$code."'";
$result = mysql_query($query);
if($result != null)
{
$count = mysql_num_rows($result);
}
if($count <= 0)
{
echo "Sorry! Your details are already in our database";
}
else
{
// ...
}
?>
#2
-1
1) Never use $_POST directly because your code is unsafe. You need to filter this data. Here are some filter functions in PHP http://php.net/manual/fr/function.filter-var.php.
1)切勿直接使用$ _POST,因为您的代码不安全。您需要过滤此数据。以下是PHP http://php.net/manual/fr/function.filter-var.php中的一些过滤函数。
$username = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$code = filter_var($_POST['code'], FILTER_SANITIZE_STRING);
Only then you can consider querying the database with these values.
只有这样,您才可以考虑使用这些值查询数据库。
2) If available to you I recommand you to use PDO http://php.net/manual/fr/book.pdo.php
2)如果您有空,我建议您使用PDO http://php.net/manual/fr/book.pdo.php