我开发了一种将许多东西插入数据库的表单。但是以某种方式,当页面被填满时,它也只插入数据库管理员的user_password。我该如何解决这个问题?
<?php //include the connection file require_once('connection.php'); require_once("validation.php"); if( isset($_POST['send']) && (!validateName($_POST['name']) || !validateEmail($_POST['email']) || !validatePasswords($_POST['pass1'], $_POST['pass2']) || !validateContact($_POST['contact']) || !validateAge($_POST['age'])) ):?> <div id="error"> <ul> <?php if(!validateName($_POST['name'])):?> <li><strong>Invalid Name:</strong> We want names with more than 3 letters.</li> <?php endif?> <?php if(!validateEmail($_POST['email'])):?> <li><strong>Invalid E-mail:</strong> Type a valid e-mail please.</li> <?php endif?> <?php if(!validatePasswords($_POST['pass1'], $_POST['pass2'])):?> <li><strong>Passwords are invalid:</strong> Passwords doesnt match or are invalid!</li> <?php endif?> <?php if(!validateContact($_POST['contact'])):?> <li><strong>Please enter your contact number.</strong></li> <?php endif?> <?php if(!validateAge($_POST['age'])):?> <li><strong>Please enter your age</strong></li> <?php endif?> </ul> </div> <?php elseif(isset($_POST['send'])):?> <div id="error" class="valid"> <ul> <?php $query = "INSERT INTO employee (name, password, email, contact, age, gender, location, skill) "; $query .= "('$name', '$password', '$email','$contact','$age','$gender','$location','$skill')"; // run the query mysql_query($query);?> <li><strong>Congratulations!</strong> All fields are OK ;)</li> </ul> </div> <?php endif?>
*:您可能也想换个字符,PHP中有为此功能,例如htmlentities和mysql_real_escape_string。
