VAR数据没有推送到SQL

时间:2014-08-29 21:07:24

标签: php mysql

我有一个小问题,我不知道为什么。也许有人可以帮助我。首先是一些免责声明;我还在学习PHP,我知道mysqli或pdo,但是这个服务器会运行一个旧版本的php。

现在好了解问题。

我有一个表单,它传递给我的post-data.php表单以推送到SQL db。

然而,当它推送数据时,它只是从表单的后期操作中推送变量而不是变量中的数据。

Screenshot of submitted data in PHPmyadmin

我的守则如下:

<?php
    $hostname = "localhost"; $username = "goldme_owner";
    $dbName = "goldme_dealer_meeting";

    $connect = mysql_connect($hostname, $username);
    if (!$connect) { 
        echo "Please try later."; 
    } 
    else { 
        mysql_select_db($dbName, $connect); 
        $checkboxA1 = isset($_POST['checkboxA1']) ? $_POST['checkboxA1'] : 'No';
        $checkboxE1 = isset($_POST['checkboxE1']) ? $_POST['checkboxE1'] : 'No';
        $checkboxF1 = isset($_POST['checkboxF1']) ? $_POST['checkboxF1'] : 'No';
        $checkboxG1 = isset($_POST['checkboxG1']) ? $_POST['checkboxG1'] : 'No';
        $checkboxH1 = isset($_POST['checkboxH1']) ? $_POST['checkboxH1'] : 'No';
        $checkboxI1 = isset($_POST['checkboxI1']) ? $_POST['checkboxI1'] : 'No';
        $checkboxJ1 = isset($_POST['checkboxJ1']) ? $_POST['checkboxJ1'] : 'No';
        $checkboxK1 = isset($_POST['checkboxK1']) ? $_POST['checkboxK1'] : 'No';
    }

    echo "$checkboxA1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$checkboxE1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$checkboxF1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$checkboxG1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$checkboxH1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$checkboxI1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$checkboxJ1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$checkboxK1"; //just want to make sure checkbox vars are passing //will delete in final code
    echo "$_POST[confirm]"; //just want to make sure confirm code generated //will delete in final code

        $sql_statement = 'INSERT INTO 2014_registrations'. 
        '(confirm_number,timecode,company_name,country,address1,address2,city'.
        ',state,zip,phone,fax,email,zone_manager,transport,first_name,'.
        'last_name,tuesday_tours,tuesday_meat,wed_lunch,wed_dinner,'.
        'wed_pool_tourney,thurs_lunch,thurs_dinner,fri_shop,fri_tour,dietary)'.
        'VALUES ("$_POST[confirm]","$_POST[timecode]","$_POST[company_name]",'.
        '"$_POST[address]","$_POST[address2]","$_POST[city]","$_POST[state]",'.
        '"$_POST[zip]","$_POST[country]","$_POST[phone]","$_POST[fax]",'.
        '"$_POST[email]","$_POST[zonemanager]","$_POST[transport]",'.
        '"$_POST[fattendee1]","$_POST[lattendee1]","$_POST[checkboxA1]",'.
        '"$_POST[radio1]","$_POST[checkboxE1]","$_POST[checkboxF1]",'.
        '"$_POST[checkboxG1]","$_POST[checkboxH1]","$_POST[checkboxI1]",'.
        '"$_POST[checkboxJ1]","$_POST[checkboxK1]","$_POST[dietary1]")';


    $rec_insert = mysql_query($sql_statement);
    if(! $rec_insert ){
        die('Could not enter data: ' . mysql_error());
    }
    echo "Entered data successfully\n";
    mysql_close($connect);
?>

4 个答案:

答案 0 :(得分:0)

变量被读作字符串,因为它们用单引号书写。

我已将变量移到单引号之外,只是将它们连接到字符串。 此代码极易受SQL注入影响,不应在生产环境中使用。 

$sql_statement = 'INSERT INTO 2014_registrations'. 
'(confirm_number,timecode,company_name,country,address1,address2,city'.
',state,zip,phone,fax,email,zone_manager,transport,first_name,'.
'last_name,tuesday_tours,tuesday_meat,wed_lunch,wed_dinner,'.
'wed_pool_tourney,thurs_lunch,thurs_dinner,fri_shop,fri_tour,dietary)'.
'VALUES ("'.$_POST[confirm].'","'.$_POST[timecode].'","'.$_POST[company_name].'",'.
'"'.$_POST[address].'","'.$_POST[address2].'","'.$_POST[city].'","'.$_POST[state].'",'.
'"'.$_POST[zip].'","'.$_POST[country].'","'.$_POST[phone].'","'.$_POST[fax].'",'.
'"'.$_POST[email].'","'.$_POST[zonemanager].'","'.$_POST[transport].'",'.
'"'.$_POST[fattendee1].'","'.$_POST[lattendee1].'","'.$_POST[checkboxA1].'",'.
'"'.$_POST[radio1].'","'.$_POST[checkboxE1].'","'.$_POST[checkboxF1].'",'.
'"'.$_POST[checkboxG1].'","'.$_POST[checkboxH1].'","'.$_POST[checkboxI1].'",'.
'"'.$_POST[checkboxJ1].'","'.$_POST[checkboxK1].'","'.$_POST[dietary1].'")';

答案 1 :(得分:0)

首先,从POST请求直接将数据插入数据库几乎不是一个好主意。

我知道格式错误,但请尝试使用此$ sql_statement:

$sql_statement = 'INSERT INTO 2014_registrations'. 
    '(confirm_number,timecode,company_name,country,address1,address2,city'.
    ',state,zip,phone,fax,email,zone_manager,transport,first_name,'.
    'last_name,tuesday_tours,tuesday_meat,wed_lunch,wed_dinner,'.
    'wed_pool_tourney,thurs_lunch,thurs_dinner,fri_shop,fri_tour,dietary)'.
    "VALUES (\"{$_POST[confirm]}\",\"{$_POST[timecode]}\",\"{$_POST[company_name]}\",".
    "\"{$_POST[address]}\",\"{$_POST[address2]}\",\"{$_POST[city]}\",\"{$_POST[state]}\",".
    "\"{$_POST[zip]}\",\"{$_POST[country]}\",\"{$_POST[phone]}\",\"{$_POST[fax]}\",".
    "\"{$_POST[email]}\",\"{$_POST[zonemanager]}\",\"{$_POST[transport]}\",".
    "\"{$_POST[fattendee1]}\",\"{$_POST[lattendee1]}\",\"{$_POST[checkboxA1]}\",".
    "\"{$_POST[radio1]}\",\"{$_POST[checkboxE1]}\",\"{$_POST[checkboxF1]}\",".
    "\"{$_POST[checkboxG1]}\",\"{$_POST[checkboxH1]}\",\"{$_POST[checkboxI1]}\",".
    "\"{$_POST[checkboxJ1]}\",\"{$_POST[checkboxK1]}\",\"{$_POST[dietary1]}\")";

答案 2 :(得分:0)

你的`sql_statment错了。

$sql_statement = 'INSERT INTO 2014_registrations'. 
    '(confirm_number,timecode,company_name,country,address1,address2,city'.
    ',state,zip,phone,fax,email,zone_manager,transport,first_name,'.
    'last_name,tuesday_tours,tuesday_meat,wed_lunch,wed_dinner,'.
    'wed_pool_tourney,thurs_lunch,thurs_dinner,fri_shop,fri_tour,dietary)'.
    'VALUES ("$_POST[confirm]","$_POST[timecode]","$_POST[company_name]",'.
    '"$_POST[address]","$_POST[address2]","$_POST[city]","$_POST[state]",'.
    '"$_POST[zip]","$_POST[country]","$_POST[phone]","$_POST[fax]",'.
    '"$_POST[email]","$_POST[zonemanager]","$_POST[transport]",'.
    '"$_POST[fattendee1]","$_POST[lattendee1]","$_POST[checkboxA1]",'.
    '"$_POST[radio1]","$_POST[checkboxE1]","$_POST[checkboxF1]",'.
    '"$_POST[checkboxG1]","$_POST[checkboxH1]","$_POST[checkboxI1]",'.
    '"$_POST[checkboxJ1]","$_POST[checkboxK1]","$_POST[dietary1]")';

更改为:

$sql_statment = "INSERT INTO 2014_registrations". 
    "(confirm_number,timecode,company_name,country,address1,address2,city".
    ",state,zip,phone,fax,email,zone_manager,transport,first_name,".
    "last_name,tuesday_tours,tuesday_meat,wed_lunch,wed_dinner,".
    "wed_pool_tourney,thurs_lunch,thurs_dinner,fri_shop,fri_tour,dietary)".
    "VALUES ($_POST['confirm'],$_POST['timecode'],$_POST['company_name'],".
    "$_POST['address'],$_POST['address2'],$_POST['city'],$_POST['state'],".
    "$_POST['zip'],$_POST['country],$_POST[phone'],$_POST['fax'],".
    "$_POST['email'],$_POST['zonemanager'],$_POST['transport'],".
    "$_POST['fattendee1'],$_POST['lattendee1'],$_POST['checkboxA1'],".
    "$_POST['radio1'],$_POST['checkboxE1'],$_POST['checkboxF1'],".
    "$_POST['checkboxG1'],$_POST['checkboxH1'],$_POST['checkboxI1'],".
    "$_POST['checkboxJ1'],$_POST['checkboxK1'],$_POST['dietary1']")";

如果您使用$sql_statment = '',则无法在$sql_statment = '$_POST[confirm]';中添加变量,因为它会将其视为文本。你必须像$sql_statment = $_POST['checkboxG1'].','.$_POST['checkboxH1'].','.$_POST['checkboxI1'].','.那样 另一种方法是像我一样将它全部更改为$sql_statment = "$_POST['checkboxG1'],$_POST['checkboxH1'],$_POST['checkboxI1'],";

看到使用'和'时存在差异;

顺便说一下。你应该使用一些安全性,例如mysql_escape_string

答案 3 :(得分:0)

在单引号内,变量不会被读取为变量。例如,echo '$a'将打印$a,但echo "$a"将打印$a的值。

在您的代码中,您尝试使用与'$a'类似的内容,换句话说,您使用围绕变量的单引号而不是双引号。

尝试将其写为

"VALUES ('$_POST[confirm]','$_POST[timecode]','$_POST[company_name]',".


'VALUES ("'.$_POST[confirm].'","'.$_POST[timecode].'","'.$_POST[company_name].'",'.

依旧......

请注意,使用$_POST[confirm]会发出通知。使用它的正确方法是$_POST['confirm']

另请注意,您的代码容易受到SQL注入攻击。考虑使用准备好的陈述。

相关问题
最新问题