When a PHP project writes to a database, code that does not guard against SQL injection can cause all kinds of unpredictable errors.
1, index.htm: a very simple registration page that submits its data via AJAX
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8"/>
<title>RegisterForm</title>
<script type="text/javascript" src='jquery-1.3.1.js'></script>
</head>
<body>
<h1>this is a test form!</h1>
<font color="#8b0000"><table class='tb' border="0" cellpadding="5" cellspacing="0">
<form action='_process.php' method='post' enctype='multipart/form-data'>
<tr><td class="tdleft"><em>user: </em></td><td><input type='text' id='name' name='name' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>ages: </em></td><td><input type='text' id='ages' name='ages' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>pass: </em></td><td><input type='password' id='password' name='password' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>addr: </em></td><td><input type='text' id='addr' name='addr' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>email: </em></td><td><input type='text' name='email' id='email' value='' size='15'/></td></tr>
<tr><td class="tdleft"><input type='button' value='register' id='but'/></td><td><input type='reset' value='reseting'/></td></tr>
</form>
</table></font>
<span id='msg' style='display:none'>Loading ... ...</span>
<p id="result" class=""></p>
<style type="text/css">
body{text-align:center;}
.error{color:red;}
.tb{margin:0 auto;width:350px;height:200px;text-align:center;}
.tdleft{width:150px;text-align:left;}
</style>
<script type='text/javascript'>
// Client-side checks only improve usability; _process.php validates the data again.
$("#but").click(function () {
    var name = $.trim($("#name").val());
    var ages = $.trim($("#ages").val());
    var pn = /^\d+$/;
    var addr = $.trim($("#addr").val());
    var pass = $.trim($("#password").val());
    var email = $.trim($("#email").val());
    var reg = /^[a-zA-Z0-9_]+@[a-zA-Z0-9_]+(\.[a-zA-Z]+)+$/gi;
    if (name.length == 0) {
        alert("Please fill in the name carefully!"); return false;
    }
    if (ages.length == 0) {
        alert("Please fill in age!"); return false;
    }
    if (!pn.test(ages)) {
        alert("Please fill in a valid number!"); return false;
    }
    if (pass.length == 0 || pass.length > 6) {
        alert("Please fill in the password carefully!"); return false;
    }
    if (addr.length == 0) {
        alert("Please fill in the address carefully!"); return false;
    }
    if (email.length == 0) {
        alert("Please fill in the Mail carefully!"); return false;
    }
    if (!reg.test(email)) {
        alert("E-mail detection failed"); return false;
    }
    // Field names must match the $_POST keys read in _process.php
    var send = {'name': name, 'ages': ages, 'pass': pass, 'addr': addr, 'email': email};
    $.post('_process.php', send, function (data) {
        if (data.res == -1) {
            $("#result").addClass("error");
        }
        $("#result").html(data.msg);
        $("form")[0].reset();
    }, 'json');
});
// Show the "Loading" message while an AJAX request is in flight
$("#msg").ajaxStart(function () {
    $(this).fadeIn();
}).ajaxStop(function () {
    $(this).fadeOut();
});
</script>
</body>
</html>
2, _process.php: receives the data submitted via AJAX and processes it
<?php
header('Content-type:text/html;charset=utf-8');
sleep(1);
$conn = mysqli_connect("localhost", "root", "root", "register") or die("Unable to connect! " . mysqli_connect_error());
mysqli_query($conn, "set names utf8");
$name = isset($_POST['name']) ? mysqlquotes(trim($_POST['name'])) : '';
$ages = isset($_POST['ages']) ? intval(trim($_POST['ages'])) : '';
$pass = isset($_POST['pass']) ? mysqlquotes(trim($_POST['pass'])) : '';
$addr = isset($_POST['addr']) ? mysqlquotes(trim($_POST['addr'])) : '';
$email = isset($_POST['email']) ? mysqlquotes(trim($_POST['email'])) : '';
if (empty($name)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your name carefully')); exit;
}
// Check whether the username already exists in tb_register; if it does, report that it is already registered
$sql0 = "SELECT COUNT(1) AS nums FROM tb_register WHERE username='{$name}'";
$row0 = select_one($conn, $sql0);
if ($row0['nums'] >= 1) {
    echo json_encode(array('res' => -1, 'msg' => 'Sorry, the username has been registered!')); exit;
}
if (empty($ages)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your age carefully')); exit;
}
if (!preg_match("/^\d+$/", $ages)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter a valid number')); exit;
}
if (empty($pass)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your password carefully')); exit;
}
if (empty($addr)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your address carefully')); exit;
}
if (empty($email)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your mailbox carefully')); exit;
}
if (!preg_match("/^[a-zA-Z0-9_]+@[a-zA-Z0-9_]+(\.[a-zA-Z]+)+$/", $email)) {
    echo json_encode(array('res' => -1, 'msg' => 'Your mailbox is not in the correct format')); exit;
}
$add_day = date("YmdHis");
// The following stores the record in the database
$sql = "INSERT INTO tb_register SET username='{$name}', ages='{$ages}', password='{$pass}', address='{$addr}', email='{$email}', add_day='{$add_day}'";
mysqli_query($conn, $sql);
echo json_encode(array('res' => 1, 'msg' => 'Congratulations, registration successful!')); exit;
// Function that filters incoming data to prevent MySQL injection attacks
function mysqlquotes($content) {
    // First check whether automatic escaping (magic quotes) is on; if not, escape manually.
    // get_magic_quotes_gpc() was removed in PHP 8.0, hence the function_exists() guard.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())
    {
        $content = addslashes($content);
    }
    // Note: stripslashes() removes the backslashes added above, so the returned value
    // is HTML-encoded but carries no SQL escaping.
    return stripslashes(htmlspecialchars($content));
}
// Run a query and return its first row as an associative array
function select_one($conn, $sql) {
    $res = mysqli_query($conn, $sql) or die("Failed " . mysqli_error($conn));
    $result = array();
    if (!empty($res)) {
        $result = mysqli_fetch_assoc($res);
    }
    mysqli_free_result($res);
    return $result;
}
Notes on the custom function mysqlquotes above:
TIPS1,
The addslashes() function adds a backslash before certain special characters:
single quotation mark ('), double quotation mark ("), backslash (\), NULL
TIPS2,
The htmlspecialchars() function converts certain special characters into HTML entities:
& (ampersand) ==> &amp;
" (double quotation mark) ==> &quot;
' (single quotation mark) ==> &#039;
< (less than) ==> &lt;
> (greater than) ==> &gt;
TIPS3,
The stripslashes() function removes the backslashes that were added by the addslashes() function and restores the original string.
For example, the user input for $username is Tom'Siy
What is stored in the database is Tom\'Siy, with a backslash;
When it is retrieved, stripslashes() restores the output to Tom'Siy
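An added example, not part of the original article: it runs the article's filter chain on a constructed user name containing a single quote, then compares the interpolated lookup from _process.php with a bound-parameter version. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL tb_register table, magic quotes are off, and the function names are illustrative.

```php
<?php
// Added example, not the article's code. Assumes the pdo_sqlite extension;
// an in-memory SQLite table stands in for the article's MySQL tb_register.

// The article's filter chain with magic quotes off. ENT_COMPAT was the
// htmlspecialchars() default before PHP 8.1 and leaves single quotes as they are.
function mysqlquotes_as_published(string $content): string {
    return stripslashes(htmlspecialchars(addslashes($content), ENT_COMPAT));
}

// Lookup as in _process.php: the filtered value is interpolated into the SQL text.
function count_interpolated(PDO $db, string $name): int {
    $name = mysqlquotes_as_published($name);
    $sql  = "SELECT COUNT(1) AS nums FROM tb_register WHERE username='{$name}'";
    return (int) $db->query($sql)->fetchColumn();
}

// Same lookup with a bound parameter: the value never becomes part of the SQL text.
function count_bound(PDO $db, string $name): int {
    $stmt = $db->prepare("SELECT COUNT(1) AS nums FROM tb_register WHERE username = ?");
    $stmt->execute([$name]);
    return (int) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tb_register (username TEXT)");

// Constructed sample rows
$ins = $db->prepare("INSERT INTO tb_register (username) VALUES (?)");
foreach (['tom', 'alice'] as $user) {
    $ins->execute([$user]);
}

// Constructed input containing single quotes, as the registration form could receive
$input = "nobody' OR '1'='1";

// The filter returns the input unchanged: the quote survives
var_dump(mysqlquotes_as_published($input) === $input);
// The quote closes the string literal, so the WHERE clause matches every row
var_dump(count_interpolated($db, $input));
// Bound parameter: the whole input is compared as one user name, no row matches
var_dump(count_bound($db, $input));
// An ordinary lookup still finds the existing user
var_dump(count_bound($db, 'tom'));
```

With mysqli, as used in _process.php, the equivalent calls are mysqli_prepare(), mysqli_stmt_bind_param() and mysqli_stmt_execute().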
That is the whole process of submitting form data via AJAX and storing it in the database. I hope this article is helpful to PHP developers. Thank you for reading.