0
올바른 쿠폰 코드를 입력 할 때 사용자가 광고를 제출하고 업데이트 할 수있는 양식을 만들었지 만 "잘못된 쿠폰 코드"라는 메시지가 표시되지 않습니다. 그들이 잘못된 쿠폰 코드를 입력하면 에코 아웃합니다.사용자가 잘못된 코드를 입력하면 메시지가 표시되지 않습니다.
을 heres 내 코드 :
<? require("connect.php"); ?>
<form action="advertisement.php" method="POST" enctype="multipart/form-data">
<table width="50%" border="0" cellspacing="0" cellpadding="8">
<tr>
<td><div align="right"> Apartment:</div></td>
<td><select name="apartment" id="apartment">
<option>Place Ad In Which Apartment...</option>
<option value="0">Archstone La Jolla</option>
<option value="1">Archstone La Jolla Colony</option>
<option value="2">Archstone UTC</option>
<option value="3">Canyon Park</option>
<option value="4">Costa Verde Village</option>
<option value="5">Costa Verde Towers</option>
<option value="6">La Jolla Crossroads</option>
<option value="7">La Jolla Del Sol</option>
<option value="8">La Jolla International Garden</option>
<option value="9">La Jolla Palms</option>
<option value="10">La Mirada</option>
<option value="11">La Regencia</option>
<option value="12">La Scala</option>
<option value="13">Las Flores</option>
<option value="14">The Villas</option>
<option value="15">Nobel Court</option>
<option value="16">Pacific Gardens</option>
<option value="17">Regents Court</option>
<option value="18">Regents La Jolla</option>
<option value="19">Trieste</option>
<option value="20">Valentia</option>
<option value="21">Whispering Pines</option></select></td>
</tr>
<tr>
<td><div align="right">Description:</div></td>
<td><textarea name="description" id="description" cols="55" rows="7" wrap="VIRTUAL"></textarea></td>
</tr>
<tr>
<td><div align="right">Coupon Code:</div></td>
<td><input type="text" name="code" size="60"></td>
</tr>
<tr>
<td></td>
<td><div align="left">
<input type="reset" value="Clear">
<input type="submit" name="submit" value="Submit"></div></td>
</tr>
</table>
</form>
<?php
$description = $_POST['description'];
$apartment = $_POST['apartment'];
$code = $_POST['code'];
//retrieve data from password table
$query = mysql_query ("SELECT * FROM coupon WHERE code = '$code' ");
//get number of rows in table
$numrows = mysql_num_rows ($query);
if ($numrows !=0)
{
// gather all codes
while ($row = mysql_fetch_assoc ($query))
{
//retrieve code from database to match with the code that was put into field
$dbcode = $row['code'];
}
//check to see if they match
if ($code == $dbcode)
{
//check to see if coupon code is in both consumer and coupon tables
$query2 = mysql_query ("SELECT * FROM consumer WHERE code = '$code' ");
$numrows2 = mysql_num_rows ($query2);
while ($row2 = mysql_fetch_assoc ($query2))
{
$consumercode = $row2['code'];
}
if($dbcode == $consumercode)
{
$update = mysql_query ("UPDATE consumer SET description = '$description' WHERE code ='$code' ");
echo "Advertisement successfully updated.";
}
//if coupon not in both tables then they haven't posted advertisement yet
else
{
$time = time();
$day = 30;
$exp = $time + ($day * 86400);
mysql_query ("INSERT INTO consumer VALUES ('','$description', '$exp', '$apartment', '$code')");
mysql_query ("UPDATE coupon SET exp = '$exp' WHERE code ='$code' ");
echo "Your advertisement has been successfully submitted.";
}
}
else
echo "Invalid coupon code.";
}
else
echo "";
?>
if ($numrows !=0)을 기반으로하기 때문에끝에서 두 번째 에코 문은 경우, 내가 잘못된 코드 메시지가 될 것이라고 생각 메시지를 가져야한다 ($ numRows의! = 0) 문제입니다, how about $ numrows> 0 – Ibu
SQL 인젝션 공격으로부터 보호하기 위해 mysql_real_escape_string http://php.net/manual/en/function.mysql-real-escape-string.php "> 또는 준비된 구문을 사용하십시오 http : // en. wikipedia.org/wiki/Sql_injection – Belinda