所以我在考虑jQuery ajax的序列化部分存在问题。它不会将任何信息放入数据库,我不知道为什么!很显然,网页输入控件的变量没有被传递到php处理页面。我在这里做错了什么?在这里与这些人需要一些帮助!这对我来说是非常新的。数据未插入到数据库中
网页:
<form name="main_form" id="main_form" method="post">
<div id="ChangeAddressDialog" title="Change of Address">
<p>Mailing Address: <input type="text" id="Address1" name="Address1" /></p>
<p>Mailing Address 2: <input type="text" id="Address2" name="Address2" /></p>
<p>City: <input type="text" id="City" name="City" /></p>
<p>State: <input type="text" id="State" name="State" maxlength="2" /></p>
<p>Zip Code: <input type="text" id="Zip" id="Zip" maxlength="10" /></p>
<p>Country: <input type="text" id="County" name="Country" /></p>
<input type="hidden" id="change_of_address_form" name="change_of_address_form" />
</div>
</form>
$('#ChangeOfAddress').click(function() {
//change of address dialog
$("#ChangeAddressDialog").dialog({
width:500,
modal:true,
closeOnEscape:true,
buttons: [
{ text: "Ok", type: "submit", click: function() {
$.ajax({
url: "classes/add-address.php",
type: "POST",
data: $("#main_form").serialize(),
dataType: 'json',
error: function(SMLHttpRequest, textStatus, errorThrown){
alert("An error has occurred making the request: " + errorThrown)
},
success: function(result){
//do stuff here on success such as modal info
//$("#main_form").submit();
$(this).dialog("close");
}
})
}
},
{ text: "Close", click: function() { $(this).dialog("close"); } } ]
});//end dialog
});
PHP处理页面:
<?php
require_once('../config.php');
//$sqlCheck = '';
$parcel_id = isset($_POST['ParcelId']) ? $_POST['ParcelId'] : null;
$address1 = isset($_POST['Address1']) ? $_POST['Address1'] : null;
$address2 = isset($_POST['Address2']) ? $_POST['Address2'] : null;
$city = isset($_POST['City']) ? $_POST['City'] : null;
$state = isset($_POST['State']) ? $_POST['State'] : null;
$zip = isset($_POST['Zip']) ? $_POST['Zip'] : null;
$country = isset($_POST['Country']) ? $_POST['Country'] : null;
$db = new ezSQL_mysql(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
$result = $db->query("INSERT INTO change_of_address (parcel_id, address_1, address_2, City, State, Zip, Country) VALUES ('" . $parcel_id . "','" . $address1 . "','" . $address2 . "','" . $city . "','" . $state . "','" . $zip . "','" . $country . "')");
if ($result == 1) {
echo '{"success":true}';
} else {
echo '{"success":false}';
}
//$sqlCheck = "INSERT INTO change_of_address (parcel_id, address_1, address_2, City, State, Zip, Country) VALUES ('" . $parcel_id . "','" . $address1 . "','" . $address2 . "','" . $city . "','" . $state . "','" . $zip . "','" . $country . "')";
//echo json_encode($sqlCheck);
?>
**警告**:这看起来[恐怖不安全](http://bobby-tables.com/),为了您的利益,我希望这不在公共互联网上。您需要确保任何和所有用户参数[妥善转义](http://bobby-tables.com/php),否则您将面临严重的应用程序危害风险。只要有可能,请使用准备好的语句和占位符,以确保您不会遇到此类错误。 ['ezSQL_mysql'](http://docs.phpvms.net/internals/d5/d95/classez_s_q_l__mysql.html)确实有一个'escape'功能,你**迫切需要**使用。 – tadman 2014-12-03 19:37:04
@JonathanKuhn ooo谢谢你错过了!我将它添加到表单标签,但仍然没有插入数据库:/ – maryjane 2014-12-03 19:46:59
@tadman没有其内部。我需要得到它的功能,然后解决安全问题。老板只是想把它拿出来,所以他们可以“玩”它 – maryjane 2014-12-03 19:50:37