converting text to int from a form

2018-06-07 02:52:41

am trying to fetch some data from a form, but i cant for some reason. here are some lines of my code.

cellphone: <input type = "text" name = "cellphone"><br />
username : <input type = "text" name = "username"><br />

    $cellphone = $_GET["cellphone"];
    //$cellphone = int() $cellphone;
    $username= $_GET["username"];

$link = mysql_connect('myhost', 'myuser', 'mypass') or die("could not connect to database");
    mysql_select_db ('hunter',$link) or die ("could not find database");
    echo "fetced database";
    //injecting user info into database
    mysql_query("INSERT INTO player values ('','$firstname','$lastname','$location','$cellphone','$username','$email','$password')")or die("could not inject into database.");

but i can not get the cell number to get into my database for some reason. please help me :D

FIRST:
you should must sanitize all incoming variables!

then, to cast to an integer, you can use:

$cellphone = (int) $_GET["cellphone"];

A better solution is to use filter_var();

$cellphone = filter_var( $_GET["cellphone"], FILTER_VALIDATE_INT);

You should read about input validation/sanitazion and filter_var before writing any further code.

now, before people start to advice mysql_real_escape_string() (which does the job, but is not the best solution), take a look at prepared statements through either PDO or MySQLi

make your form POST method, not GET. GET is for requestig data and POST for storing.

Consider to use varchar type field for the phone number.

Though it would be a very good idea to normalize a phone number before insert, by stripping all non-numeric characters from it.

Replace die("msg") with die(mysql_error()) in order to debug the reason of the failure

Don't insert user provided data directly into the DB, use mysql_real_escape_string() or similar to sanitize the data and protect against SQL injections

if the problem is that you phone field is declared as int into the DB, then assure it is an integer before performing the insert. You can try to cast to int, but I think you should perform some more accurate sanitization on the data, checking the expected "admitted" format and type for each field and returning a per field error to the user in case of mis-insertion

By the way, if you store a phone number as an integer you cant handle very well the international prefix (+39 or 0039 for Italy for example), as "+" is not a number, and "00" would be lost in the cast to integer ....

链接地址: http://www.djcxy.com/p/21882.html

上一篇: PHP不处理某些表单字段

下一篇: 将文本从表单转换为int