我正在尝试创建一个简单的目录。我有一个包含以下
的sqlConnect.php文件<?php
$host = 'localhost';
$db = 'books';
$user = 'root';
$pass = 'password';
$con = mysqli_connect($host, $user, $pass, $db);
if ($con) {
echo 'Successfully connected to database!';
} else{
die('Did not connect');
}
?>
然后我有实际的book.php(索引页面),其中包含以下代码:
<?php
include_once 'sqlConnect.php';
?>
<!doctype html>
<html lang="en">
<head>
<title> Library Catalog </title>
</head>
<style>
h1 {
color: #08298A;
}
</style>
<body>
<h1> <center> Library Catalog </center> </h1>
<h4> <center> Add a New Book </center> </h4>
<center>
<form method="POST">
<input type="text" name="title" placeholder="Title" id="title">
<input type="text" name="author" placeholder="Author" id="author">
<input type="text" name="genre" placeholder="Genre" id="genre">
<input type="text" name="quantity" placeholder="Quantity" id="quantity">
<input type="submit" name="submit" value="Submit"/>
<!-- <button type="submit" name="submit"> Submit</button> -->
</form>
</center>
<?php
$title = $_POST['title'];
$author = $_POST['author'];
$genre = $_POST['genre'];
$quantity = (int)$_POST['quantity'];
$submit = $_POST['submit'];
if ($submit) {
$sql = "INSERT INTO catalog (id, title, author, genre, quantity) VALUES (NULL, '$title', '$author', '$genre', '10');";
mysqli_query($con, $sql);
}
?>
</body>
</html>
当我在页面上输入值并点击提交时,没有任何反应。我已经测试过以确保查询是可以接受的。我遇到了#34;数量&#34;实际上设置为一个字符串而不是像数据库中想要的int,所以我现在硬编码为10。如果我将它放在sqlConnect.php中,我可以得到查询代码但它在book.php中不起作用。我是否通过包含sqlConnect.php类来正确连接数据库?
非常感谢任何帮助!
答案 0 :(得分:1)
我接受了您的代码,并为自己的目的添加了一些增强功能。我在自己的系统上测试了这个。如果它对您不起作用,那么您可能会遇到一些系统问题。
三重检查您的数据库凭据和权限。
此代码将写入debug.log。
<强> book.php中
<?php
include_once 'Log.php';
include_once 'sqlConnect.php';
?>
<!doctype html>
<html lang="en">
<head>
<title> Library Catalog </title>
</head>
<style>
h1 {
color: #08298A;
}
</style>
<body>
<h1> <center> Library Catalog </center> </h1>
<h4> <center> Add a New Book </center> </h4>
<center>
<form method="POST">
<input type="text" name="title" placeholder="Title" id="title">
<input type="text" name="author" placeholder="Author" id="author">
<input type="text" name="genre" placeholder="Genre" id="genre">
<input type="text" name="quantity" placeholder="Quantity" id="quantity">
<input type="submit" name="submit" value="Submit"/>
<!-- <button type="submit" name="submit"> Submit</button> -->
</form>
</center>
<?php
\Log\Log::debug('_POST ' . print_r($_POST, true));
$title = $_POST['title'] ?? null;
$author = $_POST['author'] ?? null;
$genre = $_POST['genre'] ?? null;
$quantity = (int) ($_POST['quantity'] ?? 0);
$submit = $_POST['submit'] ?? null;
if ( $submit ) {
$sql = "INSERT INTO catalog (title, author, genre, quantity) VALUES ('$title', '$author', '$genre', $quantity);";
\Log\Log::debug($sql);
if ( ! mysqli_query($con, $sql) ) {
\Log\Log::debug(mysqli_error ( $con ));
}
}
?>
</body>
</html>
<强> Log.php
<?php
namespace Log;
class Log {
static function debug($msg) {
$file = 'debug.log';
file_put_contents($file, strftime('%Y-%m-%d %T ') . $msg . "\n", FILE_APPEND);
}
}
答案 1 :(得分:0)
试试这个
if(isset($ _ POST('submit')){
$ title = mysqli_real_escape_string($ con,$ _ POST('title'));
$ author = mysqli_real_escape_string($ con,$ _POST('author'));
$ genre = mysqli_real_escape_string($ con,$ _ POST('genre'));
$ quantity = mysqli_real_escape_string($ con,$ _POST('quantity'));
$ query =“INSERT INTO目录(标题,作者,流派,数量)VALUES('$ title','$ author','$ genre','$ quantity');
$ ret = mysqli_query($ con,$ query);
如果(!$ RET){
死(mysqli_error($ con));
}
否则{
echo 'query was successful ';
}
否则{
echo 'post is not set);
}
我希望这会有所帮助。
答案 2 :(得分:0)
更改此代码:
// handles form input security
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
到此:
{{1}}
之后,您应该在输入上运行某种安全功能,如下所示:
{{1}}
您可以对每个$ _POST []数据运行test_input()以防止出现安全问题