使用PHP插入数据库

时间:2014-01-07 11:49:58

标签: php mysql

我昨天就此问了一个问题,但我已经用我的代码做了一些调整。我现在正在努力让任何人进入我的数据库。

HTML(person.html):

<body>

<form id="person" action="personuploader.php" method="post">
      <table class="#"> 
        <tr>
                <th colspan="2">Test 2</th>
            </tr>
            <tr>
                <td>Email Address:</td>
                <td><input type="text" id="email" name="email"> </td>
            </tr>
            <tr>
                <td>Type:</td>
                <td><input type="text" name="type"> </td>
            </tr>
            <tr>
                <td>Cats:</td>
                <td><input type="text" name="cats"> </td>
            </tr>
            <tr>
                <td></td>
                <td><input type="submit" value="Notify Me" name="submit">
            </tr>
        </table>  
    </form>
</body>
</html>

PHP(personuploader.php):

<?php
$con=mysqli_connect("?","?","?","?");
// Check connection

if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

if(isset($_POST['submit'])){

if(empty($_POST['email'] || empty($_POST['type']) || empty($_POST['cats']))
{
die("You need to fill in all the fields.");
}

$email = mysqli_real_escape_string($con, $_POST['email']);
$type = mysqli_real_escape_string($con, $_POST['type']);
$cats = mysqli_real_escape_string($con, $_POST['cats']);

$sql="INSERT INTO Persons (`email`, `type`, `cats`) 
VALUES ('$email','$type','$cats')";

if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}

header("Location: http://domain.co.uk/"); exit();

} // end of if(isset($_POST['upload']


else{ echo ("You cannot do this operation from here."); }

mysqli_close($con);
?>

虽然我以前的PHP允许条目填充数据库(打开SQL注入)但是我在这里没有成功,也没有任何数据库条目,有人可以指出我的方式错误吗?

此致

1 个答案:

答案 0 :(得分:0)

试试这个

<?php
$con=mysqli_connect("?","?","?","?"); //hope you are filling values...
// Check connection

if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit();
}

if(isset($_POST['submit'])){

if(empty($_POST['email']) || empty($_POST['type']) || empty($_POST['cats']))
{
die("You need to fill in all the fields.");
}

$email = mysqli_real_escape_string($con, $_POST['email']);
$type = mysqli_real_escape_string($con, $_POST['type']);
$cats = mysqli_real_escape_string($con, $_POST['cats']);

$sql="INSERT INTO Persons (`email`, `type`, `cats`) 
VALUES ('$email','$type','$cats')";

if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}

header("Location: http://domain.co.uk/"); exit();

} // end of if(isset($_POST['upload']

 ?>
如果(空($ _ POST ['email'])缺失,

发现问题

相关问题
最新问题