php表单onsubmit事件加载值为0的新页面
我对 php 的一切都是全新的,但我已经设法将下面的表格拼凑在一起。但由于某种我不明白的原因,每次我点击提交按钮时,它都会转到一个值为 0 的新页面。这是页面
http://upcycledonline.com/test/Site/myform2.php
<?php
if($_POST['formSubmit'] == "Submit"){
$errorMessage = "";
if(empty($_POST['formEmail'])){
$errorMessage .= "<li>You forgot to enter your email</li>";
}
$varEmail = ($_POST['formEmail'].mysql_real_escape_string);
//$varEmail = $_POST['formEmail'];
if(empty($errorMessage)){
$db = mysql_connect("server","id","password");
if(!$db)
die("Error connecting to MySQL database.");
mysql_select_db("tableName" ,$db);
$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";
mysql_query($sql);
//$sql = ("INSERT INTO emails(email) VALUES ('%s')".mysql_real_escape_string($varEmail));
//$results = mysql_query($sql);
//$sql = "INSERT INTO emails (emails)"
//. "VALUES ('{$varEmail}');
//mysql_query($sql);
// echo "Details added";
// $_SESSION['status'] = 'success';
}
//header("Location: thankyou.html");
exit();
}
function PrepSQL($value){
// Stripslashes
if(get_magic_quotes_gpc()){
$value = stripslashes($value);
}
// Quote
//this is how I should be doing the escape thing
$value = "'" . mysql_real_escape_string($value) . "'";
return($value);
}
?>
这是形式
<?php
if(!empty($errorMessage)){
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
}
?>
<form id="emailForm" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"
method="post" onSubmit="alert('Thank you. Your email has been added.')">
<label for='formEmail'>Sign up to be notified when we go live!</label><br/>
<input type="text" name="formEmail" maxlength="50" value="<?=$varEmail;?>" />
<input type="submit" name="formSubmit" value="Submit" />
</form>
I am totally new to all things php but I have managed to piece meal together the below form. But for some reason that I don't understand, everytime I hit the submit button it goes to a new page with a value of 0 on it. Here is the page
http://upcycledonline.com/test/Site/myform2.php
<?php
if($_POST['formSubmit'] == "Submit"){
$errorMessage = "";
if(empty($_POST['formEmail'])){
$errorMessage .= "<li>You forgot to enter your email</li>";
}
$varEmail = ($_POST['formEmail'].mysql_real_escape_string);
//$varEmail = $_POST['formEmail'];
if(empty($errorMessage)){
$db = mysql_connect("server","id","password");
if(!$db)
die("Error connecting to MySQL database.");
mysql_select_db("tableName" ,$db);
$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";
mysql_query($sql);
//$sql = ("INSERT INTO emails(email) VALUES ('%s')".mysql_real_escape_string($varEmail));
//$results = mysql_query($sql);
//$sql = "INSERT INTO emails (emails)"
//. "VALUES ('{$varEmail}');
//mysql_query($sql);
// echo "Details added";
// $_SESSION['status'] = 'success';
}
//header("Location: thankyou.html");
exit();
}
function PrepSQL($value){
// Stripslashes
if(get_magic_quotes_gpc()){
$value = stripslashes($value);
}
// Quote
//this is how I should be doing the escape thing
$value = "'" . mysql_real_escape_string($value) . "'";
return($value);
}
?>
and here is the form
<?php
if(!empty($errorMessage)){
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
}
?>
<form id="emailForm" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"
method="post" onSubmit="alert('Thank you. Your email has been added.')">
<label for='formEmail'>Sign up to be notified when we go live!</label><br/>
<input type="text" name="formEmail" maxlength="50" value="<?=$varEmail;?>" />
<input type="submit" name="formSubmit" value="Submit" />
</form>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果它们位于一个文件中,则仍然存在一些问题。
而不是:
$varEmail = ($_POST['formEmail'].mysql_real_escape_string);
尝试:
$varEmail = mysql_real_escape_string($_POST['formEmail']);
这应该将代码带到 mysql 部分,然后它就会退出。
header 命令可用于重定向到“谢谢”页面,或者仅回显成功或失败。
然后在数据库中查找数据。 :)
顺便说一句:
您几乎在 PrepSql 函数中拥有它,但没有使用它。
所以你可以这样做: $varEmail = PrepSql($_POST['formEmail']);
不过请注意额外的“”。
为尽早学习逃避数据而欢呼! :)
编辑:
您可能会在表单的输入行上收到错误
...您正在使用“短标签”,这意味着您跳过了以下内容中的“php”:
。还缺少“回声”。您可以删除该部分 - 因为您从用户输入中获取值。
这与我在机器上的输入相呼应(注释掉测试的 sql):
If they are in one file, it still has a few issues.
Instead of:
$varEmail = ($_POST['formEmail'].mysql_real_escape_string);
Try:
$varEmail = mysql_real_escape_string($_POST['formEmail']);
This should bring the code to the mysql part, and then it will just exit.
The header command can be used to redirect to a "thank you" page, or just echo if success or fail.
Then look for data in your database. :)
BTW:
You almost had it in the PrepSql function, but it is not used.
So you could do: $varEmail = PrepSql($_POST['formEmail']);
Mind the extra '' though.
And cheers for learning to escape data early on! :)
Edit:
You might get an error on the input line in the form where it says
<?$varEmail;?>...There you are using "short tag", meaning you skip the "php" in:
<?php echo $myVar;?>. Also missing "echo".You can just remove that part - since you get the value from user input.
This echoes my input on my machine (commented out sql for the test):