php表单数据没有插入mysql数据库屏幕上没有错误?

时间:2014-02-01 17:48:36

标签: php mysql forms

我制作一个php表单并将表单条目插入到mysql数据库中。 php脚本和表单依赖于同一页面。表格还使用了验证规则。在我点击提交后最终填写所有表单条目后我没有任何错误但是当我检查我的数据库时没有插入条目,有什么问题?怎么解决?这是我的完整代码.. 

<?php
// define variables and set to empty values
$regErr = $nameErr = $misErr = $vbErr = $statErr = $tmErr = "";
$reg = $name = $mis = $vb = $stat = $tm = "";


if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["Reg"]))
     {$regErr = "Reg ID is required";}
     else
     {
     $reg = $_POST["Reg"];
}
   if (empty($_POST["Name"]))
     {$nameErr = "Name is required";}
     else
     {
     $name = $_POST["Name"];

          // check if name only contains letters and whitespace
    if (!preg_match("/^[a-zA-Z ]*$/",$name))
     {
       $nameErr = "Only letters and white space allowed"; 
       }
   }

   if (empty($_POST["Mis"]))
     {$misErr = "Please Enter Marks";}
   else
     {
     $mis = $_POST["Mis"];
     // check if value entered is Numeric
     if(!is_numeric($mis)) {
    $misErr = "Data entered was not numeric";
     }
     }

   if (empty($_POST["Vb"]))
     {$vbErr = "Please Enter Marks";}
   else
     {
     $vb = $_POST["Vb"];
     // check if value entered is Numeric
     if(!is_numeric($vb)) {
    $vbErr = "Data entered was not numeric";
     }
     }

     if (empty($_POST["Stat"]))
     {$statErr = "Please Enter Marks";}
   else
     {
     $stat = $_POST["Stat"];
     // check if value entered is Numeric
     if(!is_numeric($stat)) {
    $statErr = "Data entered was not numeric";
     }
     }

     if (empty($_POST["Tmarks"]))
     {$tmErr = "Please Enter Marks";}
   else
     {
     $tm = $_POST["Tmarks"];
     // check if value entered is Numeric
     if(!is_numeric($tm)) {
    $tmErr = "Data entered was not numeric";
     }
     }     
}
// 1. Creating Database Connection
    $connection = mysql_connect("localhost","root");
    if ($connection) {

print "Database Found";

}
else {

print "Database NOT Found";

}
    if (!$connection){
    die("Database connection failed:".mysql_error());
    }
    // 2. Select a Database to use
    $db_select = mysql_select_db("csresult",$connection);       
    if (!$db_select) {
        die ("Database Selection failed:".mysql_error());
            }

$sql= mysql_query("INSERT INTO record ('reg', 'name', 'mis', 'vb', 'stat', 'total') VALUES ('".$reg."', '".$name."', '".$mis."', '".$vb."', '".$stat."', '".$tm."')",$connection);
echo $sql;  

echo "1 record added";  

mysql_close($connection);

?>



<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>"> 
<table width=600 cellspacing=1 cellpadding=2 style='color:white;'>
<tr>
<td>Registration#:</td>
<td><input type="text" name="Reg"><span class="error">* <?php echo $regErr;?></span></td>
</tr>
<tr>
<td>Student Name:</td>
<td><input type="text" name="Name"> <span class="error">* <?php echo $nameErr;?></span></td>
</tr>
<tr>
<td>MIS Marks:</td>
<td><input type="text" name="Mis"><span class="error">*<?php echo $misErr;?></span></td>
</tr>
<tr>
<td>VB.NET Marks:</td>
<td><input type="text" name="Vb"><span class="error">*<?php echo $vbErr;?></span></td>
</tr>
<tr>
<td>Stat Marks:</td>
<td><input type="text" name="Stat"><span class="error">*<?php echo $statErr;?></span></td>
</tr>
<tr>
<td>Subject Total Marks:</td>
<td><input type="text" name="Tmarks"><span class="error">*<?php echo $tmErr;?></span></td>
</tr>
</table><br>
<p style='margin-left:300px;'><input type="submit" name="submit" value="Submit"></p>
</form>

3 个答案:

答案 0 :(得分:1)

您在列名称周围加上单引号。单引号用于字符串文字和日期文字。

$sql= mysql_query("INSERT INTO record ('reg', 'name', 'mis', 'vb', 'stat', 'total') ...

应该是:

$sql= mysql_query("INSERT INTO record (reg, name, mis, vb, stat, total) ...

有些人建议使用反向标记,但除非您的列名包含SQL保留字或特殊字符,否则没有必要。

您应该始终检查mysql_query()的返回值,因为如果出现错误,它将返回 false 。如果是这种情况,您必须自己报告错误消息。

$sql = mysql_query(...);
if ($sql === false) { die(mysql_error()); }

其他提示:

  • 您正在使用不推荐使用的ext / mysql函数编写代码。你应该使用mysqli或PDO。如果出现错误,这些函数也会返回 false

  • 您正在以不安全的方式编写代码。在将任何代码放在互联网上之前,请阅读有关SQL注入的信息:What is SQL injection?How can I prevent SQL injection in PHP?

答案 1 :(得分:0)

使用反引号代替'或从列名中删除'。如果您使用任何保留字作为列名,则应使用backtick

试试这个,

 $sql= mysql_query("INSERT INTO record (`reg`, `name`, `mis`, `vb`, `stat`, `total`) 
       VALUES ('".$reg."', '".$name."', '".$mis."', '".$vb."', '".$stat."', '".$tm."')") 
      or die(mysql_error());

而不是

 $sql= mysql_query("INSERT INTO record ('reg', 'name', 'mis', 'vb', 'stat', 'total') VALUES ('".$reg."', '".$name."', '".$mis."', '".$vb."', '".$stat."', '".$tm."')",$connection);

答案 2 :(得分:0)

不要使用mysql,请使用mysqli。无论如何使用像

$query_insert = "INSERT INTO record (reg, name, mis, vb, stat, total) VALUES ('$reg', '$name', '$mis', '$vb', '$stat', '$tm')";
mysql_query($query_insert,$connection);
相关问题
最新问题