如何将HTML表单插入MySQL数据库?

时间:2012-09-25 02:26:36

标签: php mysql html

我正在开发一个计费系统,这是非常基本的,但我想知道你是否可以帮助我使用我的代码。如何将HTML表单中的数据插入MySQL数据库?我的代码:

<?php

if (isset($_POST['submitted'])) {

    include('connect-mysql.php');

    $date = $_POST['date'];
    $charge = $_POST['charge'];
    $payment = $_POST['payment'];
    $client_no = $_POST['client_no'];
    $client_name = $_POST['client_name'];
    $check_no = $_POST['check_no'];
    $check = $_POST['check'];
    $cash = $_POST['cash'];
    $notes = $_POST['notes'];
    $staff_initials = $_POST['staff_initials'];
    $sqlinsert = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', 'payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";

    if (!mysqli_query($dbcon, $sqlinsert)) {
        die('There was an error when trying to process your payment. Please contact technical support.');
    } //end of nested if statement

} // end of the main if statement
?>

<html>
<head>
    <title>New Payment</title>
</head>
<body>
<h1>Please Input Payment Details</h1>
<form action="new_payment.php" method="POST">
<input type="hidden" name="submitted" value="true" />
<fieldset>
    <legend>New Payment</legend>
    <label>Date:<input type="text" name="date" /></label><br>
    <label>Today's Charge: <input type="text" name="charge" /></label><br>
    <label>Today's Payment: <input type="text" name="payment" /></label><br>
    <label>Client Number: <input type="text" name="client_no" /></label><br>
    <label>Client Name: <input type="text" name="client_name" /></label><br>
    <label>Check Number: <input type="text" name="check_no" /></label><br>
    <label>Check: <input type="text" name="check" /></label><br>
    <label>Cash: <input type="text" name="cash" /></label><br>
    <label>Notes: <input type="text" name="notes" /></label><br>
    <label>Staff Initials: <input type="text" name="staff_initials" /></label><br>
</fieldset>
<br />
<input type="submit" value="Process Payment">
</form>
</body>
</html>

请帮助我,这对于我及时完成这一点非常重要......

3 个答案:

答案 0 :(得分:2)

第一个错误: -

if (isset($_POST['submitted']))

<input type="submit" value="Process Payment">

改为: -

if($_POST['process'] == 'Process Payment') 
<input name="process" type="submit" id="process" value="Process Payment">

您可以使用此代码(以防止SQL注入):

// CONNECTION TO DATABASE

$mysqli = new mysqli('HOST','USERNAME','PASSWORD','DATABASE'); 

// CHECK CONNECTION

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}        

$sqlinsert = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES (?,?,?,?,?,?,?,?,?,?)";

$stmt = $mysqli->prepare($sqlinsert);

    $date = $_POST['date'];
    $charge = $_POST['charge'];
    $payment = $_POST['payment'];
    $client_no = $_POST['client_no'];
    $client_name = $_POST['client_name'];
    $check_no = $_POST['check_no'];
    $check = $_POST['check'];
    $cash = $_POST['cash'];
    $notes = $_POST['notes'];
    $staff_initials = $_POST['staff_initials'];

$stmt->bind_param("ssssssssss",$date, $charge, $payment, $client_no, $client_name, $check_no, $check, $cash, $notes, $staff_initials );

//EXECUTE QUERY
$stmt->execute();

$rowcount = $stmt->affected_rows;


if ($rowcount > 0)
{
echo "Success!";
}

else
{
echo "Error!";
}

//CLOSE EXECUTE
$stmt->close();

答案 1 :(得分:0)

我不确定,但我认为你应该改变

if (isset($_POST['submitted']))

if (isset($_POST['submit']))

<input type="submit" value="Process Payment">

<input type="submit" name="submit" id="submit" value="Process Payment">

并将$付款用于INSERT命令

$sqlinsert = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";

答案 2 :(得分:-1)

如果您在插入数据库时​​遇到问题,请更改

 $sqlinsert = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', 'payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";

 $sqlinsert = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";

您忘记在插入值

之前存入$