我对此失去了理智,我真的可以使用一些方向。只是尝试与PHP一起学习PDO并且无法理解逻辑。我一直试图在网上找到一些能够展示这次测试尝试流程的好例子,而且我真的很难过。
有人,即使你不得不惹火我(虽然像任何人一样,我不想你),给我一些方向,我正在做些可怕的错误?我正在建立这个以开始我的理解。有很多关于使用mysqli但不是pdo的信息,这让我疯狂。
提前致谢。这是代码:
<?php
# connection info to the db
$host = "--shadowed--";
$dbname = "--shadowed--";
$user = "--shadowed--";
$pass = "--shadowed--";
# pdo options/attributes
$opt = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ); // not getting errors
# data source name
$dsn = "mysql:host=$host;dbname=$dbname";
# basic pdo connection (with added option for error handling)
if (isset($_POST['submit'])) {
try {
$DBH = new PDO($dsn, $user, $pass, $opt);
$STH = $DBH->prepare("INSERT INTO data (name,email,phone,detail,cost) VALUES (:name,:email,:phone,:detail,:cost)");
$STH->bindParam(':name', $name);
$STH->bindParam(':email', $email);
$STH->bindParam(':phone', $phone);
$STH->bindParam(':detail', $detail);
$STH->bindParam(':cost', $cost);
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$detail = $_POST['detail'];
$cost = $_POST['cost'];
$STH->execute();
echo $STH; // attempted to echo back the data, but nothing happens
} catch (PDOException $e) {
echo $e->getMessage(); // no errors
}
}
echo '<form method="POST" action="">';
echo '<p>Enter the below information if you want to live:</p>';
echo 'Name: <input type="text" name="name"><br />';
echo 'E-mail: <input type="text" name="email"><br />';
echo 'Phone: <input type="text" name="phone"><br />';
echo 'Order will be generated randomly from class (once built)<br />';
echo 'Description: <input type="text" name="detail"><br />';
echo 'Cost: <input type="text" name="cost"><br />';
echo '<input type="submit" value="Do-It"></form>';
# close the connection
$DBH = null;
?>
(仍然是新手,所以目前无法回答我自己的问题)
所以首先,我没有提出这个......这真的是每个人的混合。在我尝试从我的知识中学习所有缺失的链接时,我感谢每个人的帮助和时间。
主要问题似乎是当我使用我原来的尝试来使用if (isset($_POST['submit']))时,它实际上并没有做或发送任何东西。没有错误......没有数据库问题......只是一堆没什么。我们删除了它,发现它被阻止了(ty @Fred)。虽然这并没有改变代码的工作方式,但使用@ hjpotter92建议会变得更有效率。然后我们看了如何使用这个单页提交。我最后使用@ Fred's和@david strachan建议的混合,因为两者都没有给我正确的反应,然后我添加了一个if / else语句来执行检查,如果它通过,运行try / catch。
这不是艺术作品,但我学到了很多,并感谢他们的帮助。此外,我认为在那里人们可以碰到看到一个完整的例子会很好。如果你们中的任何人有任何其他建议,请告诉我。除了学习基础知识外,我还在回顾如何帮助反对SQL注入(这个测试可能没有完全覆盖)。
#------------------ Working Code ------------------#
# pdo options/attributes
$opt = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION );
# data source name
$dsn = "mysql:host=$host;dbname=$dbname";
# basic pdo connection (with added option for error handling)
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (!$_POST['name'] || !$_POST['email'] || !$_POST['phone'] || !$_POST['detail'] || !$_POST['cost']) {
echo "<p>Please supply all of the data! You may press your back button to attempt again minion!</p>";
exit;
} else {
try {
$DBH = new PDO($dsn, $user, $pass, $opt);
$STH = $DBH->prepare("INSERT INTO data (name,email,phone,detail,cost) VALUES (:name,:email,:phone,:detail,:cost)");
$STH->bindParam(':name', $_POST['name']);
$STH->bindParam(':email', $_POST['email']);
$STH->bindParam(':phone', $_POST['phone']);
$STH->bindParam(':detail', $_POST['detail']);
$STH->bindParam(':cost', $_POST['cost']);
$STH->execute();
} catch (PDOException $e) {
echo $e->getMessage();
}
echo "<p>Data submitted successfully</p>";
}
}
echo '<form method="POST" action="">';
echo '<p>Enter the below information if you want to live:</p>';
echo 'Name: <input type="text" name="name"><br />';
echo 'E-mail: <input type="text" name="email"><br />';
echo 'Phone: <input type="text" name="phone"><br />';
echo 'Order will be generated randomly<br />';
echo 'Description: <input type="text" name="detail"><br />';
echo 'Cost: <input type="text" name="cost"><br />';
echo '<input type="submit" value="Do-It"></form>';
# close the connection
$DBH = null;
?>
答案 0 :(得分:2)
要检查请求是否为POST类型,请使用$_SERVER['REQUEST_METHOD'] Documentation
// Get POST variables
$name = isset($_POST['name']) ? $_POST['name'] : '';
$name = isset($_POST['email']) ? $_POST['email'] : '';
$name = isset($_POST['phone']) ? $_POST['phone'] : '';
$name = isset($_POST['detail']) ? $_POST['detail'] : '';
$name = isset($_POST['cost']) ? $_POST['cost'] : '';
If($_SERVER['REQUEST_METHOD'] == "POST") {
Try{
Remainder of code
答案 1 :(得分:1)
从以下
切换订购$STH->bindParam(':name', $name);
$STH->bindParam(':email', $email);
$STH->bindParam(':phone', $phone);
$STH->bindParam(':detail', $detail);
$STH->bindParam(':cost', $cost);
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$detail = $_POST['detail'];
$cost = $_POST['cost'];
到
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$detail = $_POST['detail'];
$cost = $_POST['cost'];
$STH->bindParam(':name', $name);
$STH->bindParam(':email', $email);
$STH->bindParam(':phone', $phone);
$STH->bindParam(':detail', $detail);
$STH->bindParam(':cost', $cost);
或只是使用:
$STH->bindParam(':name', $_POST['name']);
$STH->bindParam(':email', $_POST['email']);
$STH->bindParam(':phone', $_POST['phone']);
$STH->bindParam(':detail', $_POST['detail']);
$STH->bindParam(':cost', $_POST['cost']);
答案 2 :(得分:1)
这不是答案,而是可以提供帮助的表单验证功能。
我确信有多种方法可以实现这一目标,但它肯定会让你开始。
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$detail = $_POST['detail'];
$cost = $_POST['cost'];
if (isset($_POST['submit'])) {
if (empty($name) || empty($email) || empty($phone))) || empty($detail))) || empty($cost)) {
// do something
exit;
}
if (!empty($name) || !empty($email) || !empty($phone))) || !empty($detail))) || !empty($cost)) {
// do something else
// for example, write the data in database
exit;
}
}
答案 3 :(得分:0)
为什么要让用户发送空白表单?使用javascript处理客户端的“请提供所有数据”警告。在不满足所有要求的情况下,不允许表单通过javascript。