PHP - Inserting records into MySQL from a form

Time: 2014-07-31 13:42:29

Tags: php mysql

This is the table the data should be inserted into, although not all of the data is being written:

CREATE TABLE `members_posts` (
  `screenname` varchar(255) DEFAULT NULL,
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `images_id` int(11) DEFAULT NULL,
  `item` varchar(25) DEFAULT NULL,
  `noi` varchar(124) DEFAULT NULL,
  `notes` varchar(255) DEFAULT NULL,
  `posted` timestamp DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`),
  KEY `screenname_idx` (`screenname`),
  CONSTRAINT `screenname_posts` FOREIGN KEY (`screenname`) REFERENCES `members` (`screenname`) ON DELETE NO ACTION ON UPDATE NO ACTION
)

When I try to open my postitem.php page, it loads the page, but the ID, NOTES and POSTED fields have already been inserted before any data is entered into the form.

Here is the postitem.php form:

<?php 

// Connection data to the database 
require("/config/common.php");

// Check to see whether the screen name is already in use.
$query = "SELECT 1 FROM members WHERE screenname = :screenname"; 


$query_params = array( 
':screenname' => $_POST['screenname']); 

try 
{ 
// These two statements run the query against your database table. 
$stmt = $db->prepare($query); 
$result = $stmt->execute($query_params); 
} 
catch(PDOException $ex) 
{ 
die("Failed to run query: " . $ex->getMessage()); 
} 

$row = $stmt->fetch(); 

if($row) 
{ 
die("This screen name is already in use"); 
} 

$query = "INSERT INTO members_posts (screenname, item, noi, notes) 
VALUES (:screenname, :item, :noi, :notes)"; 

$query_params = array( 
':screenname' => $_POST['screenname'], ':item' => $_POST['item'], ':noi' => $_POST['noi'], ':notes' => $_POST['notes']); 

try 
{ 
$stmt = $db->prepare($query); 
$result = $stmt->execute($query_params); 
} 
catch(PDOException $ex) 
{ 
die("Failed to run query: " . $ex->getMessage()); 
} 

// Redirects the member back to the member's account page after posting an item. 
//header("Location: myacct.php"); 


//die("Redirecting to myacct.php"); 


?> 
<br />
<br />
<table align="center"> 
<th><h1>Post Item</h1></th>
<form enctype="multipart/form-data" action="postitem.php" method="post">
<tr><td>Screen Name:</td><td><b><?php echo htmlentities($_SESSION['user']['screenname'], ENT_QUOTES, 'UTF-8'); ?></b></td></tr> 
<tr><td>Item:</td><td><select name="item">
<option VALUE='opt1'>Option 1</option>
<option VALUE='opt2'>Option 2</option>
<option VALUE='opt3'>Option 3/Computer</option>
</select></td></tr>
<tr><td>Name of item:</td><td><input type="text" name="noi" value="" /></td></tr>
<tr><td>Notes:</td><td><input type="text" name="notes" value="" /></td></tr>
<tr><td><input type="submit" src="/images/postit.png" value="Upload It" /></td></tr>
</form>
</table>
</body>
</html>

Thanks in advance for any help anyone can give me!

PS: I commented out the redirect to myacct.php just for testing, to keep the postitem page open for troubleshooting.

3 answers:

Answer 0 (score: 1)

You should always check whether the user has actually submitted the form before running database queries, like this:

<?php 

if(isset($_POST['submit_form']))
{
    // Connection data to the database 
    require("/config/common.php");

    // Check to see whether the screen name is already in use.
    $query = "SELECT 1 FROM members WHERE screenname = :screenname"; 


    $query_params = array( 
    ':screenname' => $_POST['screenname']); 

    try 
    { 
    // These two statements run the query against your database table. 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
    die("This screen name is already in use"); 
    } 

    $query = "INSERT INTO members_posts (screenname, item, noi, notes) 
    VALUES (:screenname, :item, :noi, :notes)"; 

    $query_params = array( 
    ':screenname' => $_POST['screenname'], ':item' => $_POST['item'], ':noi' => $_POST['noi'], ':notes' => $_POST['notes']); 

    try 
    { 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Redirects the member back to the member's account page after posting an item. 
    //header("Location: myacct.php"); 


    //die("Redirecting to myacct.php"); 

}
?> 
<br />
<br />
<table align="center"> 
<th><h1>Post Item</h1></th>
<form enctype="multipart/form-data" action="postitem.php" method="post">
<tr><td>Screen Name:</td><td><b><?php echo htmlentities($_SESSION['user']['screenname'], ENT_QUOTES, 'UTF-8'); ?></b></td></tr> 
<tr><td>Item:</td><td><select name="item">
<option VALUE='opt1'>Option 1</option>
<option VALUE='opt2'>Option 2</option>
<option VALUE='opt3'>Option 3/Computer</option>
</select></td></tr>
<tr><td>Name of item:</td><td><input type="text" name="noi" value="" /></td></tr>
<tr><td>Notes:</td><td><input type="text" name="notes" value="" /></td></tr>
<tr><td><input type="submit" src="/images/postit.png" value="Upload It" name="submit_form" /></td></tr>
</form>
</table>
</body>
</html>

Note that a name attribute was added to the submit input tag.

Answer 1 (score: 0)

Put the whole insert script inside

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // SQL-commands here
}

Apart from that, you may also want to check whether the user entered a valid (non-empty) screen name, etc.
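Combining the two points above from a defensive angle, here is an added example of how the top of postitem.php could look; it is not code from the question or from any of the answers. It handles only POST requests, takes the screen name from the session (the form never submits a screenname field, so $_POST['screenname'] is always empty, and the foreign key requires a name that exists in members anyway), and validates the other fields against the form's options and the column sizes before the prepared INSERT. Assumed: /config/common.php provides a PDO handle in $db, the session is already started, and PHP 7.1 or newer.

```php
<?php
// Added example (not the question's or answers' code). Assumes /config/common.php
// creates a PDO handle in $db and that session_start() has already run, so
// $_SESSION['user']['screenname'] is the authenticated member. PHP 7.1+.

// The only values the form's <select name="item"> can legitimately send.
const ALLOWED_ITEMS = ['opt1', 'opt2', 'opt3'];

// Validate the submitted fields against the form and the column sizes.
// Returns [list of error messages, cleaned values]; no errors means accept.
function validate_post(array $post): array
{
    $errors = [];
    $item  = $post['item'] ?? '';
    $noi   = trim($post['noi'] ?? '');
    $notes = trim($post['notes'] ?? '');
    if (!in_array($item, ALLOWED_ITEMS, true)) {
        $errors[] = 'Unknown item option.';
    }
    if ($noi === '' || strlen($noi) > 124) {   // noi is varchar(124)
        $errors[] = 'Name of item is required (max 124 characters).';
    }
    if (strlen($notes) > 255) {                // notes is varchar(255)
        $errors[] = 'Notes may be at most 255 characters.';
    }
    return [$errors, ['item' => $item, 'noi' => $noi, 'notes' => $notes]];
}

// A plain page load is a GET and inserts nothing; only a POST is handled.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require("/config/common.php");
    // Bind the row to the logged-in member from the session, never to a
    // user-supplied screen name (the form does not submit one anyway).
    if (empty($_SESSION['user']['screenname'])) {
        http_response_code(403);
        die('You must be logged in to post an item.');
    }
    [$errors, $clean] = validate_post($_POST);
    if ($errors) {
        die(htmlentities(implode(' ', $errors), ENT_QUOTES, 'UTF-8'));
    }
    $stmt = $db->prepare('INSERT INTO members_posts (screenname, item, noi, notes)
                          VALUES (:screenname, :item, :noi, :notes)');
    $stmt->execute([':screenname' => $_SESSION['user']['screenname'],
                    ':item' => $clean['item'], ':noi' => $clean['noi'],
                    ':notes' => $clean['notes']]);
    header('Location: myacct.php');   // redirect so a refresh cannot re-POST
    exit;
}
```

The HTML form from the question follows this block unchanged; because the redirect happens only after a successful POST, a GET still renders the form without touching the database.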

Answer 2 (score: 0)

First give your submit button a name (in this example 'submit'), then check whether it has been pressed by looking at the _POST array.

Here is the code:

    <?php 

    // Connection data to the database 
    require("/config/common.php");
    if (isset($_POST['submit'])) {
    // Check to see whether the screen name is already in use.
    $query = "SELECT 1 FROM members WHERE screenname = :screenname"; 


    $query_params = array( 
    ':screenname' => $_POST['screenname']); 

    try 
    { 
    // These two statements run the query against your database table. 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
    die("This screen name is already in use"); 
    } 

    $query = "INSERT INTO members_posts (screenname, item, noi, notes) 
    VALUES (:screenname, :item, :noi, :notes)"; 

    $query_params = array( 
    ':screenname' => $_POST['screenname'], ':item' => $_POST['item'], ':noi' => $_POST['noi'], ':notes' => $_POST['notes']); 

    try 
    { 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Redirects the member back to the member's account page after posting an item. 
    //header("Location: myacct.php"); 


    //die("Redirecting to myacct.php"); 
    }

    ?> 
<br />
<br />
<table align="center"> 
<th><h1>Post Item</h1></th>
<form enctype="multipart/form-data" action="postitem.php" method="post">
<tr><td>Screen Name:</td><td><b><?php echo htmlentities($_SESSION['user']['screenname'], ENT_QUOTES, 'UTF-8'); ?></b></td></tr> 
<tr><td>Item:</td><td><select name="item">
<option VALUE='opt1'>Option 1</option>
<option VALUE='opt2'>Option 2</option>
<option VALUE='opt3'>Option 3/Computer</option>
</select></td></tr>
<tr><td>Name of item:</td><td><input type="text" name="noi" value="" /></td></tr>
<tr><td>Notes:</td><td><input type="text" name="notes" value="" /></td></tr>
<tr><td><input type="submit" name='submit' src="/images/postit.png" value="Upload It" /></td></tr>
</form>
</table>
</body>
</html>