<form name="applyform" action="applyform.php" method="post">
<fieldset>
<legend>Application Details</legend>
<p>Name :<?php echo $row ["Emp_Fname"]; ?></p>
<p>ID number :<?php echo $row['Emp_ID']; ?></p>
<p>Email :<?php echo $row['Emp_Email']; ?></p>
<p>Address :<?php echo $row['Emp_Address']; ?></p>
<p>Handphone Number :<?php echo $row['ContactNo_HP']; ?></p>
<p>Phone Number :<?php echo $row['ContactNo_Home']; ?></p>
<p>Date of application :<?php echo $row['Leave_RequestDate']; ?></p>
<p>Type of leave:
<select name="leave type">
<option selected>Annual leave</option>
<option>Sick leave</option>
<option>Emergency leave</option>
<option>Maternity leave</option>
</select>
</p>
<p>Leave duration:<input type="date" name="leave_start">to<input type="date" name="leave_end"></p>
<p>Reason:<textarea rows="4" cols="50" name="reason"></textarea></p>
<p><input type="submit" name="submitbtn" value="Submit"/>
这是我表格的代码。有什么不对吗?
<?php
if(isset($_POST['submitbtn'])) {
if(!$con) {
die("cannot connect : " .mysql_error());
}
$sql = ("INSERT INTO leave(Leave_Start,Leave_End,Leave_Reason) VALUES('$_POST[leave_start]','$_POST[leave_end]','$_POST[reason]')");
mysql_query($sql,$con);
mysql_close($con);
}
?>
以上是我的PHP代码。当我尝试提交表单时数据库不会更新,有人可以帮助我吗?
答案 0 :(得分:0)
您是否忘记在PHP代码的第5行附近包含mysql_connect?
$con = mysql_connect('mysql_host', 'mysql_user', 'mysql_password');
答案 1 :(得分:0)
而不是
$sql = ("INSERT INTO leave(Leave_Start,Leave_End,Leave_Reason) VALUES('$_POST[leave_start]','$_POST[leave_end]','$_POST[reason]')");
试
$sql = ("INSERT INTO leave(Leave_Start,Leave_End,Leave_Reason) VALUES('".$_POST["leave_start"]."','".$_POST["leave_end"]."','".$_POST["reason"]."')");
注意:执行此类查询并不安全,因为$_POST未在
这样的事情应该更好
$sql = ("INSERT INTO leave(Leave_Start,Leave_End,Leave_Reason) VALUES('".mysqli_real_escape_string($con,$_POST["leave_start"])."','".mysqli_real_escape_string($con,$_POST["leave_end"])."','".mysqli_real_escape_string($con,$_POST["reason"])."')");
答案 2 :(得分:0)
您需要了解一下PHP变量传递和SQL注入。您的最终查询必须看起来像
$sql = ("INSERT INTO leave(Leave_Start,Leave_End,Leave_Reason) VALUES('{".mysqli_real_escape_string($_POST['leave_start'])."}','{".mysqli_real_escape_string($_POST['leave_end'])."}','{".mysqli_real_escape_string($_POST['reason'])."}')");
答案 3 :(得分:0)
您可以尝试 MySQLi ,而不是谓词 MySQL 。
<?php
if(isset($_POST['submitbtn']))
{
$connection=mysqli_connect("Host","Username","Password","Database");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
mysqli_query($connection,"INSERT INTO leave(Leave_Start, Leave_End, Leave_Reason) VALUES('$_POST[leave_start]','$_POST[leave_end]','$_POST[reason]')");
}
?>
答案 4 :(得分:-1)
您的插入内容不正确:
$sql = ("INSERT INTO leave(Leave_Start,Leave_End,Leave_Reason) VALUES('$_POST[leave_start]','$_POST[leave_end]','$_POST[reason]')");
应该是这样的:
$sql = ("INSERT INTO leave(Leave_Start,Leave_End,Leave_Reason) VALUES('{$_POST["leave_start"]}','{$_POST["leave_end"]}','{$_POST["reason"]}')");
您应始终转义字符串中的特殊字符。否则他们会被误解。
http://php.net/manual/en/language.types.string.php
顺便说一句,我假设$ con是一个有效的连接对象。