我正在尝试使用表单将新行插入MySQL数据库。如果我的代码很差,我很抱歉,我仍然是PHP的初学者。
这是我目前的代码:
<?php
$page ="Add New Member";
require('header.php');
require('authentication.php');
if (isset($_POST)){
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$mobile_number = $_POST['number'];
$programme = $_POST['programme'];
$db->query('INSERT INTO members (first_name, last_name, email, mobile_number, programme)
VALUES ($first_name, $last_name, $email, $mobile_number, $programme');
}
?>
<br />
<div class="col-lg-8 col-lg-offset-2 col-md-8 col-md-offset-2">
<div class="panel panel-default">
<div class="panel-heading">
Add New Member
</div>
<div class="panel-body">
<div class="row">
<div class="col-lg-6">
<form method="post">
<div class="form-group">
<label>Membership Number</label>
<input name="mem_number" class="form-control" type="text" autocomplete="off" readonly value="<?php foreach($db->query('SELECT id FROM members ORDER BY id DESC LIMIT 1') as $row) {
echo $row['id']+1;}?>">
<p class="help-block">This is automatically assigned.</p>
</div>
<div class="form-group">
<label>First Name</label>
<input type="text" name="first_name" class="form-control" autocomplete="off">
<p class="help-block">Enter your first name here.</p>
</div>
<div class="form-group">
<label>Last Name</label>
<input type="text" name="last_name" class="form-control" autocomplete="off">
<p class="help-block">Enter your last name here.</p>
</div>
<div class="form-group">
<label>Email</label>
<input type="email" name="email" class="form-control" autocomplete="off">
<p class="help-block">Enter your email address here.</p>
</div>
<div class="form-group">
<label>Mobile Number</label>
<input type="text" name="phone_number" class="form-control" autocomplete="off">
<p class="help-block">Enter your phone number here.</p>
</div>
<div class="form-group">
<label>Programme</label>
<select class="form-control" name="programme">
<option>Bootcamp</option>
<option>28 Day Fat Blaster</option>
</select>
</div>
<button type="submit" class="btn btn-primary">Add Member</button>
<button type="reset" class="btn btn-default">Reset Button</button>
</form>
</div>
<!-- /.col-lg-6 (nested) -->
</div>
<!-- /.row (nested) -->
</div>
<!-- /.panel-body -->
</div>
<!-- /.panel -->
</div>
<!-- /.col-lg-12 -->
当我提交表单时,我收到以下错误:
[Fri Oct 03 14:34:01.561508 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice: Undefined index: first_name in /var/www/html/addmember.php on line 7, referer: http://localhost/members.php
[Fri Oct 03 14:34:01.561613 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice: Undefined index: last_name in /var/www/html/addmember.php on line 8, referer: http://localhost/members.php
[Fri Oct 03 14:34:01.561639 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice: Undefined index: email in /var/www/html/addmember.php on line 9, referer: http://localhost/members.php
[Fri Oct 03 14:34:01.561663 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice: Undefined index: number in /var/www/html/addmember.php on line 10, referer: http://localhost/members.php
[Fri Oct 03 14:34:01.561686 2014] [:error] [pid 3813] [client 127.0.0.1:41855] PHP Notice: Undefined index: programme in /var/www/html/addmember.php on line 11, referer: http://localhost/members.php
[Fri Oct 03 14:34:30.224432 2014] [:error] [pid 3836] [client 127.0.0.1:41856] PHP Notice: Undefined index: number in /var/www/html/addmember.php on line 10, referer: http://localhost/addmember.php
现在我明白这意味着$ _POST ['first_name']没有定义,但我认为它会在发布时定义。
我的问题是,我做错了什么?
答案 0 :(得分:2)
在这种情况下,打印$_POST的结果以调试/了解结构非常有用。
if( $_POST ) {
die( print_r($_POST) );
// or use
// die( var_dump($_POST) );
}
这样,您就知道$_POST内的内容。
在这里:
$db->query('INSERT INTO members (first_name, last_name, email, mobile_number, programme) VALUES ($first_name, $last_name, $email, $mobile_number, $programme)');
你应该使用双引号并修改变量:
$db->query("INSERT INTO members (first_name, last_name, email, mobile_number, programme) VALUES ('{$first_name}', '{$last_name}', '{$email}', '{$mobile_number}', '{$programme}')");
事实上,您应该使用prepared statements和parameter bindings:
$db->query('INSERT INTO members (first_name, last_name, email, mobile_number, programme) VALUES (:first_name, :last_name, :email, :mobile_number, :programme)');
答案 1 :(得分:1)
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$mobile_number = $_POST['number'];
$programme = $_POST['programme'];
因此,您可以进行简单的检查
$first_name = array_key_exists('first_name', $_POST) ? $_POST['first_name'] : "";
POST也可能是一个好主意,从而引发错误。 由于这些是字符串,您必须通过引用它们来对待它们。
$db->query("INSERT INTO members (first_name, last_name, email, mobile_number, programme)
VALUES ('{$first_name}', '{$last_name}', '{$email}', '{$mobile_number}', '{$programme}')");
VALUES括号。您的选项缺少value
<select class="form-control" name="programme">
<option value="bootcamp">Bootcamp</option>
<option value="28_day_fat_blaster">28 Day Fat Blaster</option>
</select>
答案 2 :(得分:1)
以下行不正确,并且在一些地方缺少引号,包括您的VALUES变量和缺少的)。
$db->query('INSERT INTO members (first_name, last_name, email, mobile_number, programme)
VALUES ($first_name, $last_name, $email, $mobile_number, $programme');
将其更改为:
$db->query("INSERT INTO members (first_name, last_name, email, mobile_number, programme)
VALUES ('$first_name', '$last_name', '$email', '$mobile_number', '$programme')");
您的选择也缺少值,因此您不会从中获得任何回报。
<select class="form-control" name="programme">
<option value="bootcamp">Bootcamp</option>
<option value="fatblaster">28 Day Fat Blaster</option>
</select>
<强> 建议:
使用输入而不是按钮时,而不是if(isset($_POST))使用if(isset($_POST['submit'])){...}。
即:
<input type="submit" name="submit" value="Add Member">
它比if(isset($_POST))
您目前的代码向SQL injection开放。
我建议您使用prepared statements或PDO with prepared statements,他们更安全。