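I made a form that allows the user to submit and update their advertisement when they enter the correct coupon code, but I can't get the message "Invalid coupon code." to echo when the wrong coupon code is entered. The message does not pop up when the user enters the wrong code.
Here's my code: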
<? require("connect.php"); ?>
<form action="advertisement.php" method="POST" enctype="multipart/form-data">
<table width="50%" border="0" cellspacing="0" cellpadding="8">
<tr>
<td><div align="right"> Apartment:</div></td>
<td><select name="apartment" id="apartment">
<option>Place Ad In Which Apartment...</option>
<option value="0">Archstone La Jolla</option>
<option value="1">Archstone La Jolla Colony</option>
<option value="2">Archstone UTC</option>
<option value="3">Canyon Park</option>
<option value="4">Costa Verde Village</option>
<option value="5">Costa Verde Towers</option>
<option value="6">La Jolla Crossroads</option>
<option value="7">La Jolla Del Sol</option>
<option value="8">La Jolla International Garden</option>
<option value="9">La Jolla Palms</option>
<option value="10">La Mirada</option>
<option value="11">La Regencia</option>
<option value="12">La Scala</option>
<option value="13">Las Flores</option>
<option value="14">The Villas</option>
<option value="15">Nobel Court</option>
<option value="16">Pacific Gardens</option>
<option value="17">Regents Court</option>
<option value="18">Regents La Jolla</option>
<option value="19">Trieste</option>
<option value="20">Valentia</option>
<option value="21">Whispering Pines</option></select></td>
</tr>
<tr>
<td><div align="right">Description:</div></td>
<td><textarea name="description" id="description" cols="55" rows="7" wrap="VIRTUAL"></textarea></td>
</tr>
<tr>
<td><div align="right">Coupon Code:</div></td>
<td><input type="text" name="code" size="60"></td>
</tr>
<tr>
<td></td>
<td><div align="left">
<input type="reset" value="Clear">
<input type="submit" name="submit" value="Submit"></div></td>
</tr>
</table>
</form>
<?php
$description = $_POST['description'];
$apartment = $_POST['apartment'];
$code = $_POST['code'];
//retrieve data from password table
$query = mysql_query ("SELECT * FROM coupon WHERE code = '$code' ");
//get number of rows in table
$numrows = mysql_num_rows ($query);
if ($numrows !=0)
{
    // gather all codes
    while ($row = mysql_fetch_assoc ($query))
    {
        //retrieve code from database to match with the code that was put into field
        $dbcode = $row['code'];
    }
    //check to see if they match
    if ($code == $dbcode)
    {
        //check to see if coupon code is in both consumer and coupon tables
        $query2 = mysql_query ("SELECT * FROM consumer WHERE code = '$code' ");
        $numrows2 = mysql_num_rows ($query2);
        while ($row2 = mysql_fetch_assoc ($query2))
        {
            $consumercode = $row2['code'];
        }
        if($dbcode == $consumercode)
        {
            $update = mysql_query ("UPDATE consumer SET description = '$description' WHERE code ='$code' ");
            echo "Advertisement successfully updated.";
        }
        //if coupon not in both tables then they haven't posted advertisement yet
        else
        {
            $time = time();
            $day = 30;
            $exp = $time + ($day * 86400);
            mysql_query ("INSERT INTO consumer VALUES ('','$description', '$exp', '$apartment', '$code')");
            mysql_query ("UPDATE coupon SET exp = '$exp' WHERE code ='$code' ");
            echo "Your advertisement has been successfully submitted.";
        }
    }
    else
        echo "Invalid coupon code.";
}
else
    echo "";
?>
if ($numrows != 0) is your problem, $numrows > 0 – Ibu 2011-04-22 08:11:28
Please use mysql_real_escape_string (http://php.net/manual/en/function.mysql-real-escape-string.php) or prepared statements to prevent SQL injection attacks (http://en.wikipedia.org/wiki/Sql_injection) – Belinda 2011-04-22 09:04:43
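The prepared-statement approach recommended in the last comment, as an added example that is not part of the original post: the same coupon flow with bound parameters, with the no-match case returning "Invalid coupon code." explicitly. It assumes PDO with an in-memory SQLite database in place of connect.php; the `consumer` column names `id`, `exp` and `apartment` are guessed from the INSERT in the question, and `submitAd` is a hypothetical helper name.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with in-memory SQLite
// stands in for connect.php; consumer columns id/exp/apartment are guessed
// from the question's INSERT; submitAd() is a hypothetical helper.
function submitAd(PDO $db, string $code, string $description, int $apartment): string
{
    // Bound parameter: $code is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT code FROM coupon WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $found = $stmt->fetchColumn();
    $stmt->closeCursor();
    if ($found === false) {
        return 'Invalid coupon code.'; // no row: report it instead of echo ""
    }

    $stmt = $db->prepare('SELECT COUNT(*) FROM consumer WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $hasAd = (int) $stmt->fetchColumn() > 0;
    $stmt->closeCursor();
    if ($hasAd) {
        $upd = $db->prepare('UPDATE consumer SET description = :d WHERE code = :code');
        $upd->execute([':d' => $description, ':code' => $code]);
        return 'Advertisement successfully updated.';
    }

    $exp = time() + 30 * 86400; // 30 days, as in the question
    $db->beginTransaction(); // insert and coupon update succeed or fail together
    $ins = $db->prepare('INSERT INTO consumer (description, exp, apartment, code)
                         VALUES (:d, :e, :a, :code)');
    $ins->execute([':d' => $description, ':e' => $exp, ':a' => $apartment, ':code' => $code]);
    $upd = $db->prepare('UPDATE coupon SET exp = :e WHERE code = :code');
    $upd->execute([':e' => $exp, ':code' => $code]);
    $db->commit();
    return 'Your advertisement has been successfully submitted.';
}

// Constructed schema and sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE coupon (code TEXT PRIMARY KEY, exp INTEGER)');
$db->exec('CREATE TABLE consumer (id INTEGER PRIMARY KEY, description TEXT,
           exp INTEGER, apartment INTEGER, code TEXT)');
$db->exec("INSERT INTO coupon (code, exp) VALUES ('SPRING-2011', 0)");

// Valid code twice (insert, then update), a wrong code, and a code containing
// a single quote, which the bound parameter treats as data.
foreach (['SPRING-2011', 'SPRING-2011', 'WRONG', "SPRING'2011"] as $input) {
    echo submitAd($db, $input, 'Room available', 3), PHP_EOL;
}
```

On a MySQL connection, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that the server performs the parameter binding.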