第一个SQL数据库不起作用

时间:2018-07-24 19:48:22

标签: php mysql mysqli

我正在从事我的个人项目,我接受姓名和电子邮件,所以我创建了一个数据库:

emailtemp,其列为“名称”和“电子邮件”

PHPMyAdmin Page

HTML表单:

<form method="post" action="connect.php" class="contact100-form validate-form">
    <div class="wrap-input100 m-b-10 validate-input" data-validate = "Name is required">
            <input class="s2-txt1 placeholder0 input100" type="text" name="username" placeholder="Your Name">
            <span class="focus-input100"></span>
    </div>

    <div class="wrap-input100 m-b-20 validate-input" data-validate = "Email is required: ex@abc.xyz">
        <input class="s2-txt1 placeholder0 input100" type="text" name="emailAddress" placeholder="Email Address">
        <span class="focus-input100"></span>
    </div>

    <div class="w-full">
        <button class="flex-c-m s2-txt2 size4 bg1 bor1 hov1 trans-04">
            Subscribe
        </button>
    </div>
</form>

PHP文件:

<?php
$connect = mysqli_connect("mysql.*****.net","*****","****>","emailtemp");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO posts (customerName, customerEmail)
VALUES ('$_POST[username]', '$_POST[emailAddress]')";

?>

基于我阅读并查看的所有内容,它应该可以工作,但是在单击“订阅”后,它会显示connect.php并显示“当前无法处理此请求。 HTTP错误500“

是否有一种方法可以使该过程在后台运行并停留在同一页面上并说成功?

3 个答案:

答案 0 :(得分:1)

http://php.net/manual/en/mysqli.prepare.php 

$connect = mysqli_connect("mysql.*****.net","*****","****>","emailtemp");

if ($stmt = $mysqli_prepare($connect,"INSERT INTO posts (customerName, customerEmail) VALUES (?, ?)")) {
    mysqli_stmt_bind_param($stmt, "ss", $_POST['username'],$_POST['emailAddress']);
    mysqli_stmt_execute($stmt);
}

答案 1 :(得分:0)

  1. 似乎您在)通话结束时错过了mysqli_query()

  2. 如果您的数据库确实是这样的:

      

    emailtemp,其列为“名称”和“电子邮件”

..那么您应该匹配查询中的内容:

mysqli_query($connect,"INSERT INTO emailtemp (name, email)
VALUES ('$_POST[username]', '$_POST[emailAddress]')");
  1. 建议先检查用户名/电子邮件,如果他们是空的会抛出异常。

像这样:

$username = $_POST[username];
$email = $_POST[emailAddress];
if ($username && $email) {
  // stuff here
} else {
  // other stuff here
}

答案 2 :(得分:0)

您忘了用)关闭mysqli_query函数,而忘记了用户名和emailAdress的方括号

mysqli_query($connect,"INSERT INTO posts (customerName, customerEmail)
VALUES ('$_POST[username]', '$_POST[emailAddress]')");

此代码还使您容易受到SQL injection

的攻击

用户可以将其他命令注入SQL Server,并以管理员权限执行。

您可以使用PDO,这是PHP中SQL的安全实现(如果正确使用的话)

在您的示例中为:

    $dbhost = "your-host";
    $dbname = "your-db-name";
    $dbusername = "your-username";
    $dbpassword = "your-password";

    $conn = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbusername, $dbpassword);

    $statement = $conn->prepare("INSERT INTO posts (customerName, customerEmail)
VALUES (:username, :emailAddress");
    $statement->execute(array(
        "username" => $_POST['username'],
        "emailAdress" => $_POST['emailAdress']
    ));
相关问题
最新问题