2011-10-31 83 views
3

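mySQL php AJAX: data not inserting from AJAX js file

Trying to create a commenting application on my web site. Data is not inserting properly despite being "posted" to the AJAX JavaScript file. Here is the main page: http://micromedia.vaniercollege.qc.ca/home/nortonb/php/

Works: [email protected] pass:

I am able to insert a comment using a registered user. (Note: the alert is from JS/ajax.js)

  • include the db/comments.php file on the main page to display the comments
  • include the JS/ajax.js file on submit
  • pass the info to comment_ins.php through the ajax.js file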

    <input name="submit" type="button" class="indent" value="add your comment" onclick="loadXMLDoc('db/comments_ins.php')">

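Does not work:

If the user's email does not exist in the database, comment_ins.php displays another form with firstName and lastName inputs.

It uses the same ajax.js file, but now db/comments_add_user.php inserts the new user and then inserts their comment into the related table.

(Note: the parameters are being passed to the ajax.js file, but the info is not being submitted to the database.)

I have tried:

- hard-coding the data in db/comments_add_user.php: works

- passing the info from a regular form but still using JS/ajax.js: works

http://micromedia.vaniercollege.qc.ca/home/nortonb/php/c_test.htm

Thanks in advance. Bruce

Here are the guts of my index.php file: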

<h4>Comments</h4> 
    <article id="comms"> 

    <form name="intro" action="" method="post"> 
     <fieldset> 
      <legend>Add your comment</legend> 
      <label for="comment"> 
       Comments:<br /><textarea name="comment" id="comment" cols="30" rows="5" class="indent"></textarea><br /> 
      </label> 
      <label for="email"> 
       Email:<br /><input name="email" id="email" type="text" size="32" class="indent"/> 
       <span id="emailMessage"></span> 
      </label><br /> 

      <label for="password"> 
       Password:<br /><input name="password" id="password" type="password" size="32" class="indent"/> 
       <span id="passwordMessage"></span> 
      </label><br /> 

       <input name="submit" type="button" class="indent" value="add your comment" onclick="loadXMLDoc('db/comments_ins.php')"> 

     </fieldset> 
    </form> 
    <?php include("db/comments.php"); ?> 

    </article> 

Here is the JS/ajax.js file:

// JavaScript Document 
function loadXMLDoc(xmlDoc){ 
    var xmlhttp; 
    if (window.XMLHttpRequest){// code for IE7+, Firefox, Chrome, Opera, Safari 
     xmlhttp=new XMLHttpRequest(); 
    }else{// code for IE6, IE5 
     xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); 
    } 
    xmlhttp.onreadystatechange=function(){ 
     if (xmlhttp.readyState==4 && xmlhttp.status==200){ 
      document.getElementById("comms").innerHTML=xmlhttp.responseText; 
     } 
    } 


    var commentValue=encodeURIComponent(document.getElementById("comment").value); 
    var emailValue=encodeURIComponent(document.getElementById("email").value); 
    var passwordValue=encodeURIComponent(document.getElementById("password").value); 

    var parameters="comment="+commentValue+"&email="+emailValue+"&password="+passwordValue; 
    //if a new user then add these things 
    if(document.getElementById("firstName")){ 
     var firstNameValue=encodeURIComponent(document.getElementById("firstName").value); 
     var lastNameValue=encodeURIComponent(document.getElementById("lastName").value); 
     //parameters are formatted in name=value pairs 
     var parameters="firstName="+firstNameValue+"&lastName="+lastNameValue+"&comment="+commentValue+"&email="+emailValue+"&password="+passwordValue; 

    } 
    alert(xmlDoc + " parameters: "+parameters); 
    xmlhttp.open("POST", xmlDoc, true);//true = asynchronous 
    xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); 
    xmlhttp.send(parameters); 

} 

Here is db/comments_ins.php (this seems to work fine):

<?php 
    //comments_ins.php adds new comments to the database 
    //if the user has already registered, the comment is displayed 
    //else a form is displayed for new users keeping the comment and email from the original comment form 

    //to do list: 
    // ??? should I combine this into comments.php? 
    // ??? should I separate the forms into a separate .php file with a conditional for new users? 
    //fix scrolling issue? 
    //jQuery? AJAX? 
    include 'includes/mysqli_connect.php'; 
    //get the posted info 
    echo("comments_ins.php<br />"); 
    if(isset($_POST["comment"])){ 
     $password = trim($_POST["password"]); 
     $hashedPassword = hash('sha256', $password); 
     $email = trim($_POST["email"]); 
     $comment = trim($_POST["comment"]); 
     //see if user exists 
     $query = "select * from users where email = '$email' and password = '$hashedPassword' limit 1";//adding limit 1 speeds up the query on big tables 
     $result = mysqli_query($link, $query); 
     //get response from database  
     if($result = mysqli_query($link, $query)){ 
      $numrows = $result->num_rows; 
      //echo ('found '.$numrows.' user: <br>'. $firstName.'<br>'); 
      while ($row = $result->fetch_object()) {  
       $userArray[] = array('userID'=>$row->userID, 
        'firstName'=>$row->firstName, 
        'lastName'=>$row->lastName, 
        'email'=>$row->email 
       );//line breaks for readability 
      } 
      $verifiedUserID = $userArray[0]['userID'];//get userID for insert below 
      //echo("\$verifiedUserID: ".$verifiedUserID); 
     }else{ 
      // This means the query failed 
      echo("errr..."); 
      echo mysqli_error($link); 
     } 

     //if the user already exists... 
     if($numrows > 0){//should add something if numrows > 1 i.e. for duplicate users!! 
      //echo("user is registered <br />"); 
      $commentQuery="INSERT INTO comments (comment, userID) VALUES ('$comment', '$verifiedUserID')"; 
      $commentResult = mysqli_query($link, $commentQuery); 
      //get response from database 
      $commentNum = mysqli_affected_rows($link); 
      echo(mysqli_error($link)); 
      //echo ('<br />inserted '.$commentNum.' record: <br />'. $comment.'<br />'); 
      include("comments.php"); 
     }else{//if the user does not exist 
      echo("Please register to display your comment: <br />"); 
      ?> 
      <form name="intro" action="" method="post"> 
       <fieldset> 
        <legend>Register to share your comment:</legend> 
         <label for="firstName"> 
         First Name: <br /> 
         <input name="firstName" id="firstName" type="text" class="indent" size="32" /> 
         <span id="firstMessage"></span> 
         </label> 
         <br /> 
         <label for="lastName"> 
         Last Name:<br /> 
         <input name="lastName" id="lastName" type="text" class="indent" size="32" /> 
         <span id="lastMessage"></span> 
         </label> 
         <br /> 
         <label for="email"> 
         Email:<br /> 
         <input name="email" id="email" type="text" size="32" class="indent" value="<?php echo($email); ?>"/> 
         <span id="emailMessage"></span> 
         </label> 
         <br /> 
         <label for="password"> 
         Password:<br /> 
         <input name="password" id="password" type="password" size="32" class="indent"/> 
         <span id="passwordMessage"></span> 
         </label> 
         <br /> 
         <label for="comment"> 
         Edit your comment?<br /> 
         <textarea name="comment" id="comment" cols="30" rows="5" class="indent"><?php echo($comment); ?></textarea> 
         </label> <br /> 
         <input name="submit" type="submit" class="indent" value="join us" onclick="loadXMLDoc('db/comments_add_user.php')"/> 
        <p class="note">(Of course we will keep your stuff private!!)</p> 
       </fieldset> 
      </form> 
     <?php 
     }//end else($numrows <=0) 

     //close connection 
     mysqli_close($link); 
    } 
    ?> 

And here is the comments_add_user.php file (does not work when called from the JS/ajax.js file, but from

<?php 
    include 'includes/mysqli_connect.php'; 
    //get the posted info 
    echo("hi mom"); 
    $firstName = $_POST["firstName"];//"Two";// 
    $lastName = $_POST["lastName"];//"Two";// 
    $password = $_POST["password"];//"Two";// 
    $hashedPassword = hash('sha256', $password); 
    $email = $_POST["email"];//"Two";// 
    $comment = $_POST["comment"];//"Two";// 
    echo($firstName." from comments_add_user.php<br>"); 

    //since email does not exist, 
     $query="INSERT INTO users (firstName, lastName, password, email) VALUES ('$firstName', '$lastName', '$hashedPassword', '$email')"; 
     $result=mysqli_query($link, $query); 
     //get response from database 
     $num= mysqli_affected_rows($link); 
     echo(mysqli_error($link)); 
     echo ('inserted '.$num.' record: <br>'. $firstName.'<br>'); 
    //** add error checking ?!? 

    //get the userID for the new user 
     $userQuery = "select userID from users where email = '$email' limit 1";//adding limit 1 speeds up the query on big tables 
     $userResult = mysqli_query($link, $userQuery); 

     //get response from database  
     if($userResult = mysqli_query($link, $userQuery)){ 
      $numrows = $userResult->num_rows; 
      echo ('found '.$numrows.' user: <br>'. $firstName.'<br>'); 
      while ($row = $userResult->fetch_object()) { 
       $userArray[] = array('userID'=>$row->userID);//line breaks for readability 
      } 
      $newUserID = $userArray[0]['userID'];//get userID for insert below 
      //echo("\$verifiedUserID: ".$verifiedUserID); 
     }else{ 
      // This means the query failed 
      echo("errr..."); 
      echo mysqli_error($link); 
     } 

    //now insert the comment 
     $commentQuery="INSERT INTO comments (comment, userID) VALUES ('$comment', '$newUserID')"; 
     $commentResult=mysqli_query($link, $commentQuery); 
     //get response from database 
     $commentNum= mysqli_affected_rows($link); 
     echo(mysqli_error($link)); 
     echo ('inserted '.$commentNum.' record: <br>'. $comment.'<br>'); 


    echo('<br><a href="comments_display.php">display all comments</a><br />'); 
    //close connection 
    mysqli_close($link); 

    ?> 
+0

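You've got nice SQL injection holes... it'd be too bad if someone drove a truck through them into your server.

+0

Thanks Mark B. I knew I should have plugged them before posting.

+0

No more trucks. Added some slashes and stripping. Plan to add prepared statements once I get this working. Thanks again Mark B.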
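
The prepared-statement version that the comments above refer to, as an added example that is not code from the original post. It assumes `$link` is the mysqli connection from includes/mysqli_connect.php, that users.userID is AUTO_INCREMENT and that the tables are InnoDB; the function name `add_user_and_comment` is hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: $link comes from
// includes/mysqli_connect.php, users.userID is AUTO_INCREMENT, tables are InnoDB.
include 'includes/mysqli_connect.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

function add_user_and_comment(mysqli $link, array $post): int
{
    $f = [];
    foreach (['firstName', 'lastName', 'email', 'password', 'comment'] as $name) {
        // Reject missing, empty or non-string input (e.g. comment[]=x)
        if (!isset($post[$name]) || !is_string($post[$name]) || trim($post[$name]) === '') {
            throw new InvalidArgumentException("missing field: $name");
        }
        $f[$name] = trim($post[$name]);
    }
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    // Same hash as the page so the lookup in comments_ins.php still matches;
    // password_hash()/password_verify() is stronger but needs that lookup changed.
    $hashed = hash('sha256', $f['password']);

    $link->begin_transaction(); // user and comment are inserted together or not at all
    try {
        $stmt = $link->prepare(
            'INSERT INTO users (firstName, lastName, password, email) VALUES (?, ?, ?, ?)');
        $stmt->bind_param('ssss', $f['firstName'], $f['lastName'], $hashed, $f['email']);
        $stmt->execute();
        $newUserID = (int) $link->insert_id; // replaces the SELECT userID ... by email

        $stmt = $link->prepare('INSERT INTO comments (comment, userID) VALUES (?, ?)');
        $stmt->bind_param('si', $f['comment'], $newUserID);
        $stmt->execute();
        $link->commit();
    } catch (mysqli_sql_exception $e) {
        $link->rollback();
        throw $e;
    }
    return $newUserID;
}

try {
    $id = add_user_and_comment($link, $_POST);
    echo 'inserted comment for user ' . $id;
} catch (InvalidArgumentException $e) {
    http_response_code(400); // response text lands in innerHTML, so escape it
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

The same `htmlspecialchars()` escaping applies to the `<?php echo($email); ?>` and `<?php echo($comment); ?>` calls in the registration form, because ajax.js assigns the response to `innerHTML`.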

Answers

1

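I'm a bit confused by your question about what is being called when right now

So you may need to recap things for me so I can help you..

Other than that, I noticed that you have <form name="intro" action="" method="post">

I just want to make sure you get this right: action="" means it actually points to index.php, not db/comments_ins.php

I'm not sure whether this is what you really want to happen...

EDIT: I see what's happening: you click add comment, the registration form appears, you click join us, it calls the AJAX, but then the page is refreshed because the <input> is of type submit, which means it submits the form when you click it. So that is causing your page to reload... What you need is to change that line in comment_ins.php to: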

<input name="submit" type="button" class="indent" value="join us" onclick="loadXMLDoc('db/comments_add_user.php')"/> 

After I made this change, I was getting the output from the add user file...

+0

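Thanks @DanyKhalife. The problem is that when I try to register a user, the AJAX does not work. If the email (and password) do not exist or do not match, then a new form is created by db/comments_ins.php. You are right: action="" points to index.php (or the database.php file in this case). It is the onClick event that $_POSTs the info via: onclick="loadXMLDoc('db/comments_ins.php')"

+0

So your registration form appears, but when the user clicks "join us" nothing happens? EDIT: OK, I see, I will load it on my server to debug it for you..

+0

OK, I updated my answer; let me know if this solves your problem, and vote it up in case it does :)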