Question

您好，我是PHP和MySQL的初学者，我目前正在设计一个分配网站。该网站应该允许您查看数据库，添加和删除数据库中的记录。

以下代码只是创建一个用于添加记录的表单页面，但实际上无法将记录添加到数据库中。

任何人都可以告诉我我缺少什么，我需要添加到代码中以及应该添加的位置以及我应该做出的任何更改。

<html>
    <head>
        <title>New Record</title>
    </head>
    <body>

<?php
if(isset($_POST["ID"])) {
    $ID = $_POST['ID'];
    $ProductName = $_POST['ProductName'];
    $Price = $_POST['Price'];
    $Stock = $_POST['Stock'];
}

$error='';
if ($error != '');
{
    echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>

        <form action="New.php" method="post">
            <div>
                <strong>ID: </strong> <input type="int" name="ID"><br>
                <strong>ProductName: </strong> <input type="VARCHAR" name="ProductName"><br>
                <strong>Price:  </strong> <input type="text" name="Price"><br>
                <strong>Stock:  </strong> <input type="int" name="Stock"><br>
                <input type="submit" name="submit" value="Submit">
            </div>
        </form>
    </body>
</html>

<?php
$con = mysqli_connect("localhost","root","");
if (!$con) 
{
    mysqli_select_db("stationaryonlinecustomers", $con);
}

if (isset($_POST['submit']))
{
    $ID = mysqli_real_escape_string($con, htmlspecialchars($_POST['ID']));
    $ProductName = mysqli_real_escape_string($con,htmlspecialchars($_POST['ProductName']));
    $Price = mysqli_real_escape_string($con,htmlspecialchars($_POST['Price']));
    $Stock = mysqli_real_escape_string($con,htmlspecialchars($_POST['Stock']));
}

$ID='';
if ($con == '' || $ID == '' || $ProductName == '' || $Price == '' || $Stock =='') {
    $error = 'ERROR: Please fill in all required fields!';
}
else {
    $u = "INSERT INTO productorders (ID, ProductName, Price, Stock)
    VALUES
    ('$_POST[ID]','$_POST[ProductName]','$_POST[Price]','$_POST[Stock]')";
}

header("refresh:100;View.php");
?>

Answer 1

你可以在New.php文件中编写php代码，因为你在表单action.so中提到了New.php文件名。创建New.php文件并添加以下代码

New.php

<?php

 $con = mysqli_connect("localhost","root","");
 if (!$con) 
 {
     mysqli_select_db("stationaryonlinecustomers", $con);
 }

if (isset($_POST['submit']))

{

$ID = mysqli_real_escape_string($con, htmlspecialchars($_POST['ID']));

$ProductName = mysqli_real_escape_string($con,htmlspecialchars($_POST['ProductName']));

$Price = mysqli_real_escape_string($con,htmlspecialchars($_POST['Price']));

$Stock = mysqli_real_escape_string($con,htmlspecialchars($_POST['Stock']));

}


$ID='';
if ($con == '' || $ID == '' || $ProductName == '' || $Price == '' || $Stock =='')

{
$error = 'ERROR: Please fill in all required fields!';

}

else{

$u = "INSERT INTO productorders (ID, ProductName, Price, Stock)
VALUES
($ID,$ProductName,$Price,$Stock)";

}

header("refresh:100;View.php");

?>

我修改过插入查询，你可以在上面的代码中看到一次

Answer 2

似乎缺少查询执行：

$con = mysqli_connect("localhost","root","");
if (!$con) 
{
    mysqli_select_db("stationaryonlinecustomers", $con);
}

if (isset($_POST['submit']))
{
    $ID = mysqli_real_escape_string($con, htmlspecialchars($_POST['ID']));
    $ProductName = mysqli_real_escape_string($con,htmlspecialchars($_POST['ProductName']));
    $Price = mysqli_real_escape_string($con,htmlspecialchars($_POST['Price']));
    $Stock = mysqli_real_escape_string($con,htmlspecialchars($_POST['Stock']));

    if ($ID == '' || $ProductName == '' || $Price == '' || $Stock =='') {
        $error = 'ERROR: Please fill in all required fields!';
    }
    else {
        $u = "INSERT INTO productorders (ID, ProductName, Price, Stock) VALUES ('$ID','$ProductName','$Price','$Stock')";       
        mysqli_query($con,$u) or die(mysqli_error($con));
    }

}

header("refresh:100;View.php");

我在这段代码中遗漏了什么？

2 个答案: