我试图将一个表单中的两个文本字段拉到一个基本的mySQL DB中,这给我带来了麻烦。所以这是我的两个文件,首先是HTML表单:
<!DOCTYPE html>
<html>
<body>
<title>Home Page</title>
<h3>Please Place your Order Below:</h3>
<form action="tacoOrder.php" method="POST" />
<p>Name: <input type="text" name="name" /></p>
<p>Taco Order: <input type="text" name="tacoOrder" /></p>
<input type="submit" value="Submit" />
</form>
</body>
</html>
和PHP:
<?php
define('DB_NAME', 'tacoPractice');
define('DB_USER', 'root');
define('DB_PASS', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if(!$link)
{
die('Could not connect to database: ' . mysql_error());
}
$db_select = mysql_select_db(DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
echo "HOLY EFF";
$name = $_POST('name');
$tacoOrder = $_POST('tacoOrder');
$query = "INSERT INTO orders ('name', 'tacoOrder') VALUES ('{$name}', '{$tacoOrder}')";
if(!mysql_query($query)
{
die("DAMMIT");
}
$mysql_close();
?>
它没有给出连接错误,但没有数据插入到我的数据库中。有什么想法吗?
感谢。
答案 0 :(得分:7)
其他人已经给你答案了。要添加,您在列名称周围使用引号,这些引号应该是反引号或完全删除引号。
变化:
INSERT INTO orders ('name', 'tacoOrder')
^ ^ ^ ^
到
INSERT INTO orders (`name`, `tacoOrder`)
或
INSERT INTO orders (name, tacoOrder)
或作为完整答案:
$name = $_POST['name'];
$tacoOrder = $_POST['tacoOrder'];
$query = "INSERT INTO orders (`name`, `tacoOrder`) VALUES ('$name', '$tacoOrder')";
旁注:不需要反引号,但不能使用列名的单引号。这只是习惯的一种力量,我自己在列名称周围使用反引号。
另外,这个$mysql_close();在$前面不应该有mysql_close,而在括号内不应该有$link:
更改为mysql_close($link);
然而正如Alien先生所指出的,mysql_close()的变量是可选的(谢谢你)
)中您还缺少if(!mysql_query($query),其中应显示为if(!mysql_query($query))
请考虑使用预准备语句或PDO切换到mysqli_*函数。 mysql_*函数已弃用,将在以后的版本中删除。
完全重写:( 测试并在我的服务器上工作)
<?php
define('DB_NAME', 'tacoPractice');
define('DB_USER', 'root');
define('DB_PASS', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if(!$link)
{
die('Could not connect to database: ' . mysql_error());
}
$db_select = mysql_select_db(DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
echo "HOLY EFF";
$name = $_POST['name'];
$tacoOrder = $_POST['tacoOrder'];
$query = "INSERT INTO orders (name, tacoOrder) VALUES ('$name', '$tacoOrder')";
if(!mysql_query($query))
{
die("DAMMIT");
}
else{ echo "Success"; }
mysql_close();
?>
您也可以使用稍有不同的方法:
$query = mysql_query("INSERT INTO orders (name, tacoOrder) VALUES ('$name', '$tacoOrder')");
if (!$query) {
die('Invalid query: ' . mysql_error());
}
else{ echo "Success"; }
<强>脚注:
您可能会获得空数据条目,因为您没有检查表单元素是否为空。
您可以使用条件语句来实现:
if(!empty($_POST['name']) || !empty($_POST['tacoOrder']))
{
// continue with code processing
}
另外,请使用Awlad在his answer中提到的有关使用mysql_real_escape_string()
你也可以在SO How can I prevent SQL injection in PHP?
这是一个基本的mysqli_*方法,带有mysqli_real_escape_string()函数和条件语句,用于检查是否有任何字段为空。
如果其中一个字段为空,则查询将不会执行。
<?php
define('DB_NAME', 'tacoPractice');
define('DB_USER', 'root');
define('DB_PASS', 'root');
define('DB_HOST', 'localhost');
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASS);
if(!$link)
{
die('Could not connect to database: ' . mysqli_error());
}
$db_select = mysqli_select_db($link,DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysqli_error());
}
echo "HOLY EFF";
$name = mysqli_real_escape_string($link,$_POST['name']);
$tacoOrder = mysqli_real_escape_string($link,$_POST['tacoOrder']);
if(!empty($_POST['name']) || !empty($_POST['tacoOrder'])){
$query = "INSERT INTO orders (name, tacoOrder) VALUES ('$name', '$tacoOrder')";
if(!mysqli_query($link,$query))
{
die("DAMMIT");
}
else{ echo "Success"; }
mysqli_close($link);
}
?>
答案 1 :(得分:4)
基本PHP:$ _POST是 ARRAY 。这不是一个功能:
$name = $_POST('name');
^------^--- should be []
答案 2 :(得分:2)
不需要'{}'和$ _POST('name')
$name = $_POST['name'];
$tacoOrder = $_POST['tacoOrder'];
$query = "INSERT INTO orders ('name', 'tacoOrder') VALUES ('$name','$tacoOrder')";
答案 3 :(得分:1)
hi @ user2839411即使我遇到了同样的问题,其中值没有插入到mysql数据库中,因此尝试在许多相关网站中进行搜索,但最后w3schools帮助我实现了结果。 这是下面的代码,将值插入数据库。
PHP代码:
<?php
$servername = "localhost";
$username = "root";
$password = "password";
$dbname = "dbitb";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['btn-signup']))
{
$name = ($_POST['name']);
$address = ($_POST['address']);
$email = ($_POST['email']);
$mobile = ($_POST['mobile']);
$highest_degree = ($_POST['highest_degree']);
$relavant_exp = ($_POST['relavant_exp']);
$sql = "INSERT INTO dbitb.volunteer_reg (name,address,email,mobile,highest_degree,relavant_exp)
VALUES ('$name','$address','$email','$mobile','$highest_degree','$relavant_exp')";
if ($conn->query($sql) === TRUE)
{
echo "New record created successfully";
}
else
{
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
HTML CODE:
<form method="post" action ="register.php" id="contact-form">
<input type="text" name="name" placeholder="name" required />
<textarea id = "address" name="address" placeholder="address" required /></textarea>
<input type="email" name="email" placeholder="email" required />
<input type="mobile" name="mobile" placeholder="mobile" required />
<input type="highest_degree" name="highest_degree" placeholder="highest degree" required />
<textarea id = "relavant_exp" name="relavant_exp" placeholder="relavant experience" required /></textarea>
<div class="btn-group" role="group">
<input type="submit" class="btn btn-default" name="btn-signup" value="Enter the box" style="margin-top: 15px; margin-right: 15px; border-radius: 4px;">
<a href="index.html"><button type="button" class="btn btn-default" style="margin-top: 15px;">« Back</button></a>
</div>
</form>
答案 4 :(得分:0)
所有$_POST('var_name')都应为$_POST['var_name'];
替换
$name = $_POST('name');
$tacoOrder = $_POST('tacoOrder');
by:
$name =mysql_real_escape_string($_POST['name']);
$tacoOrder = mysql_real_escape_string($_POST['tacoOrder']);
答案 5 :(得分:0)
我遇到了同样的挑战。这是我在12个令人沮丧的时间后解决它的方式。
<?php
if(isset($_POST['button'])){
// echo "hi";
$username = $_POST['username'];
$password = $_POST['password'];
//TO ALERT SUBMISSION OF BLANK FIELDS(IT DOESN'T PREVENT SUBMISSION OF BLANK FIELD THOUGH)
if (!$username && !$password){
echo "can't submit blank fields";
}
//TO CONFIRM YOU ARE CONNECTED TO YOUR DATABASE (OPTIONAL)
$connection = mysqli_connect('localhost', 'root', '', 'berrybells');
if ($connection){
echo "we are connected";}
else{
die("connection failed");
}
//TO INSERT username and password from field to jossyusers database
$query = "INSERT INTO jossyusers(username,password) VALUES('$username','$password')";
$result = mysqli_query($connection, $query);
if(!$result){
die("OOPPS! query failed".mysqli_error($connection));
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login Page</title>
</head>
<body>
<form action="login_create.php" method="post">
<div class="myclass">
<h1>Username</h1>
<input placeholder="Name" name="username" type="text">
<input placeholder="Password" name="password" type="password">
<input type="submit" name="button" value="submit">
<?php
?>
</div>
</form>
</body>
</html>
答案 6 :(得分:0)
检查数据库中和插入的INTO中的字段是否相同:
ejm: BD: fiel1 varchar ...
插入INTO(fiel1)