PHP将数据提交到同一页面上的表

时间:2015-04-22 22:35:35

标签: php mysql

试图找出如何将新帖子提交到已经使用mysql数据库中的数据条目创建的预先存在的表。我希望它测试请求是否首先来自POST,如果是,则将新行插入数据库并在表中显示新数据。这是我到目前为止所提出的,但在提交时,似乎没有任何事情发生,我的桌子就消失了。非常感谢任何帮助。

这是我到目前为止所拥有的:

      $result = mysqli_query($dbconnect, $query);
            $num_rows = mysqli_num_rows($result);
        }
        if ($num_rows > 0) // build a table to show results
        {
        echo "<table border='1'>";
        echo "<tr>";
        echo "<th>Post ID </th>"; echo "<th>Author</th>";
        echo "<th>Title</th>"; echo "<th>Post</th>";
        echo "</tr>";

     while($row = mysqli_fetch_array($result))
        {
        echo "<tr>";
        echo "<td>" . $row['pid'] . "</td>";
        echo "<td>" . $row['author'] . "</td>";
        echo "<td>" . $row['title'] . "</td>";
        echo "<td>" . $row['post'] . "</td>";
        echo "</tr>";
        }   
        echo "</table>";
    } else{
        echo "No rows returned.";
    }
    ?>

 <form name ="myForm" action ="second.php<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"   
       method = "POST"> <br><br><br>

     <h3> Create a Post </h3>

     Author  <input type ="text" size ="40" name ="author"/><br>
     Title <input type ="text" size ="30" name ="title"/><br><br>
     Post <br><textarea rows ="15" cols ="10" name ="post"></textarea><br>
     <input type ="submit" name = "submitpost" value ="Submit Post"/>
    </form>
    <?php


  // $sql = "INSERT INTO blog_posts (pid, author, title, post) 
        VALUES (NULL, '$_POST[author]', '$_POST[title]', '$_POST[post]')";

  //if($_SERVER['REQUEST_METHOD'] === 'POST'){
   //if(isset($_POST['submitpost'])){

  //post the $sql back into the exisiting table somehow
   ?>

1 个答案:

答案 0 :(得分:5)

  • 未来读者请注意。这个答案是基于OP的原始帖子。 See the revisions

INSERT查询放在条件语句中:

if($_SERVER['REQUEST_METHOD'] === 'POST'){

  if(isset($_POST['submitpost'])){

  $sql = mysqli_query($dbconnect, "INSERT INTO blog_posts (pid, author, title, post) 
        VALUES (NULL, '$_POST[author]', '$_POST[title]', '$_POST[post]')") 

     or die(mysqli_error($dbconnect));

    }

}

并将action ="second.php<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"更改为action=""

对POST数组使用条件!empty(),以确保您不会获取任何空数据,并可能抛出错误。

旁注:

您目前的代码向SQL injection开放。使用mysqli with prepared statementsPDO with prepared statements他们更安全

根据您的修改,您错过了两个结束括号} error reporting如果使用了{{}}会发出通知。

 <form name ="myForm" action =""  method = "POST"> <br><br><br>

     <h3> Create a Post </h3>

     Author  <input type ="text" size ="40" name ="author"/><br>
     Title <input type ="text" size ="30" name ="title"/><br><br>
     Post <br><textarea rows ="15" cols ="10" name ="post"></textarea><br>
     <input type ="submit" name = "submitpost" value ="Submit Post"/>
    </form>
    <?php

   if($_SERVER['REQUEST_METHOD'] === 'POST'){

     if(isset($_POST['submitpost'])){

   $sql = "INSERT INTO blog_posts (pid, author, title, post) 
        VALUES (NULL, '$_POST[author]', '$_POST[title]', '$_POST[post]')";

   $data = mysqli_query($dbconnect, $sql)

        or die(mysqli_error($dbconnect));

    }

  }
相关问题
最新问题