Sharing the overall process of submitting form data via AJAX and storing it in the database

When a PHP project writes to a database, code that does nothing to prevent SQL injection sometimes causes all kinds of unpredictable errors.





1. index.htm: a very simple registration page that submits its data via AJAX


The code is as follows:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8"/>
<title>RegisterForm</title>
<script type="text/javascript" src='jquery-1.3.1.js'></script>
</head>
<body>
<h1>this is a test form!</h1>
<form action='_process.php' method='post' enctype='multipart/form-data'>
<font color="#8b0000"><table class='tb' border="0" cellpadding="5" cellspacing="0">
<tr><td class="tdleft"><em>user: </em></td><td><input type='text' id='name' name='name' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>ages: </em></td><td><input type='text' id='ages' name='ages' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>pass: </em></td><td><input type='password' id='password' name='password' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>addr: </em></td><td><input type='text' id='addr' name='addr' value='' size='15'/></td></tr>
<tr><td class="tdleft"><em>email: </em></td><td><input type='text' name='email' id='email' value='' size='15'/></td></tr>
<tr><td class="tdleft"><input type='button' value='register' id='but'/></td><td><input type='reset' value='reseting'/></td></tr>
</table></font>
</form>
<span id='msg' style='display:none'>Loading ......</span>
<p id="result" class=""></p>
<style type="text/css">
body{text-align:center;}
.error{color:red;}
.tb{margin:0 auto;width:350px;height:200px;text-align:center;}
.tdleft{width:150px;text-align:left;}
</style>
<script type='text/javascript'>
// These client-side checks are only a convenience for the user;
// _process.php repeats them on the server.
$("#but").click(function () {
    var name = $.trim($("#name").val());
    var ages = $.trim($("#ages").val());
    var pn = /^\d+$/;
    var addr = $.trim($("#addr").val());
    var pass = $.trim($("#password").val());
    var email = $.trim($("#email").val());
    var reg = /^[a-zA-Z0-9_]+@[a-zA-Z0-9_]+(\.[a-zA-Z]+)+$/gi;
    if (name.length == 0) {
        alert("Please fill in the name carefully!"); return false;
    }
    if (ages.length == 0) {
        alert("Please fill in age!"); return false;
    }
    if (!pn.test(ages)) {
        alert("Please fill in a valid number!"); return false;
    }
    if (pass.length == 0 || pass.length > 6) {
        alert("Please fill in the password carefully!"); return false;
    }
    if (addr.length == 0) {
        alert("Please fill in the address carefully!"); return false;
    }
    if (email.length == 0) {
        alert("Please fill in the Mail carefully!"); return false;
    }
    if (!reg.test(email)) {
        alert("E-mail detection failed"); return false;
    }
    // Field names must match the keys that _process.php reads from $_POST
    var send = {'name': name, 'ages': ages, 'pass': pass, 'addr': addr, 'email': email};
    $.post('_process.php', send, function (data) {
        if (data.res == -1) {
            $("#result").addClass("error");
        }
        $("#result").html(data.msg);
        $("form")[0].reset();
    }, 'json');
});
// Show the "Loading" message while a request is in flight
$("#msg").ajaxStart(function () {
    $(this).fadeIn();
}).ajaxStop(function () {
    $(this).fadeOut();
});
</script>
</body>
</html>





2. _process.php: the file that receives the data submitted via AJAX and processes it


The code is as follows:

<?php
header('Content-type:text/html;charset=utf-8');
sleep(1);
$conn = mysqli_connect("localhost", "root", "root", "register") or die("Unable to connect! " . mysqli_connect_error());
mysqli_query($conn, "set names utf8");

$name  = isset($_POST['name'])  ? mysqlquotes(trim($_POST['name']))  : '';
$ages  = isset($_POST['ages'])  ? intval(trim($_POST['ages']))       : '';
$pass  = isset($_POST['pass'])  ? mysqlquotes(trim($_POST['pass']))  : '';
$addr  = isset($_POST['addr'])  ? mysqlquotes(trim($_POST['addr']))  : '';
$email = isset($_POST['email']) ? mysqlquotes(trim($_POST['email'])) : '';

if (empty($name)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your name carefully')); exit;
}
// Check whether the username already exists in the tb_register table;
// if it does, tell the user it has already been registered
$sql0 = "select count(1) as nums from tb_register where username='{$name}'";
$row0 = select_one($conn, $sql0);
if ($row0['nums'] >= 1) {
    echo json_encode(array('res' => -1, 'msg' => 'Sorry, the username has been registered!')); exit;
}
if (empty($ages)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your age carefully')); exit;
}
if (!preg_match("/^\d+$/", $ages)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter a valid number')); exit;
}
if (empty($pass)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your password carefully')); exit;
}
if (empty($addr)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your address carefully')); exit;
}
if (empty($email)) {
    echo json_encode(array('res' => -1, 'msg' => 'Please enter your mailbox carefully')); exit;
}
if (!preg_match("/^[a-zA-Z0-9_]+@[a-zA-Z0-9_]+(\.[a-zA-Z]+)+$/", $email)) {
    echo json_encode(array('res' => -1, 'msg' => 'Your mailbox is not in the correct format')); exit;
}
$add_day = date("YmdHis");

// The following stores the record in the database
$sql = "insert into tb_register set username='{$name}', ages='{$ages}', password='{$pass}', address='{$addr}', email='{$email}', add_day='{$add_day}'";
mysqli_query($conn, $sql);
echo json_encode(array('res' => 1, 'msg' => 'Congratulations, registration successful!')); exit;

// Function intended to protect inbound data against MySQL injection attacks
function mysqlquotes($content) {
    // First check whether the automatic filtering mechanism (magic quotes) is turned on;
    // if it is not, add the escaping manually.
    // Note: get_magic_quotes_gpc() was removed in PHP 8.0.
    if (!get_magic_quotes_gpc()) {
        $content = addslashes($content);
    }
    // Note: stripslashes() removes the backslashes added above, so the value
    // returned is only HTML-encoded; with the default flags before PHP 8.1
    // a single quote passes through unchanged.
    return stripslashes(htmlspecialchars($content));
}

// Run a query and return its first row as an associative array
function select_one($conn, $sql) {
    $res = mysqli_query($conn, $sql) or die("Failed " . mysqli_error($conn));
    $result = array();
    if (!empty($res)) {
        $result = mysqli_fetch_assoc($res);
    }
    mysqli_free_result($res);
    return $result;
}





Notes on the custom function mysqlquotes above:

TIPS 1:

The addslashes function adds a backslash before certain characters. The characters are:

single quote ('), double quote ("), backslash (\), NULL








TIPS 2:

The htmlspecialchars function converts certain special characters into HTML entities. The characters are:

& (ampersand) ==> &amp;
" (double quote) ==> &quot;
' (single quote) ==> &#039; (only when the ENT_QUOTES flag is in effect)
< (less than) ==> &lt;
> (greater than) ==> &gt;





TIPS 3:

The stripslashes function removes the backslashes that were added by the addslashes() function and restores the original form.

For example, if the user input $username is Tom'Siy,

what is stored in the database is Tom\'Siy, with a backslash;

when it is retrieved, stripslashes() can be used to restore the output Tom'Siy
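
An added demonstration, not the article's code: it runs the mysqlquotes() logic over the article's sample input Tom'Siy, then repeats the username lookup and the insert with bound parameters. PDO with an in-memory SQLite database, a three-column tb_register and the sample row are assumptions made so the script runs without a MySQL server; mysqli's prepare() and bind_param() follow the same pattern.

```php
<?php
// Added example. Constructed stand-in for the article's MySQL table (assumption:
// only three of its columns), held in in-memory SQLite so no server is needed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_register (username TEXT, ages INTEGER, email TEXT)');

// The article's filter without its magic-quotes check (get_magic_quotes_gpc()
// was removed in PHP 8.0). ENT_COMPAT is passed explicitly because it was the
// default before PHP 8.1 and leaves single quotes untouched.
function mysqlquotes_as_posted(string $content): string
{
    return stripslashes(htmlspecialchars(addslashes($content), ENT_COMPAT));
}

// The article's lookup, with the filtered value pasted into the SQL text.
function lookup_interpolated(PDO $db, string $name): string
{
    $filtered = mysqlquotes_as_posted($name);
    try {
        $sql = "SELECT COUNT(1) AS nums FROM tb_register WHERE username='{$filtered}'";
        return 'ran, nums=' . $db->query($sql)->fetch(PDO::FETCH_ASSOC)['nums'];
    } catch (PDOException $e) {
        return 'SQL broke: ' . $e->getMessage();
    }
}

// The same lookup with a bound parameter: the value never becomes SQL text.
function lookup_bound(PDO $db, string $name): int
{
    $stmt = $db->prepare('SELECT COUNT(1) AS nums FROM tb_register WHERE username = ?');
    $stmt->execute([$name]);
    return (int) $stmt->fetch(PDO::FETCH_ASSOC)['nums'];
}

$name = "Tom'Siy"; // the article's sample input

// Insert with bound parameters; age and e-mail are constructed sample values.
$ins = $db->prepare('INSERT INTO tb_register (username, ages, email) VALUES (?, ?, ?)');
$ins->execute([$name, 30, 'tom@example.com']);

// addslashes() and stripslashes() cancel out; only the HTML encoding remains.
var_dump(mysqlquotes_as_posted($name) === htmlspecialchars($name, ENT_COMPAT));
// The surviving quote ends the string literal early in the interpolated query.
echo lookup_interpolated($db, $name), "\n";
echo 'bound lookup matches: ', lookup_bound($db, $name), "\n";
```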





That is all for this article on the overall process of submitting form data via AJAX and storing it in the database. I hope it is helpful to PHP developers. Thank you for reading.