我在将信息插入sql数据库时遇到问题。 用户需要回答问题并提交。
<!DOCTYPE html>
<html>
<head>
<title>Some title</title>
</head>
<body>
<form action="neg.php" method="post">
<b>Enter a title:</b><br /><input type="text" name"title" /><br />
<input type="submit" value="I !" />
</form>
</body>
</html>
php页面如下所示:
<?php
/* get all input*/
$connection = mysqli_connect("localhost","X","Y","Z") or die("Some error occurred during connection " . mysqli_error($connection));
$sql="INSERT INTO xyz (title)
VALUES
('$_POST[title]')";
if (!mysqli_query($connection,$sql))
{
die('Error: ' . mysqli_error($connection));
}
echo "1 record added";
?>
有人可以帮帮我吗?我真的被困了,尝试了一百万件事,但根本看不出有什么问题。我也没有收到错误,所以我不确定问题是什么。有人可以帮帮我吗?
提前致谢!
答案 0 :(得分:1)
OP在我提交此答案后,从编辑中将INSERT INTO dislike更改为INSERT INTO xyz,包括将value="I don't want to see this show ever again!"更改为value="I !"
原始问题的原始答案:
您的查询无效的原因是=
name"title"
将其更改为name="title"
您还应该考虑使用prepared statements或PDO。
您现在使用的方法向SQL injection
我通过以下方式让您更加安全:
<?php
/* get all input*/
$connection = mysqli_connect("localhost","X","Y","Z") or die("Some error occurred during connection " . mysqli_error($connection));
$title=mysqli_real_escape_string($connection,$_POST['title']);
$sql="INSERT INTO dislike (title) VALUES ('$title')";
if (!mysqli_query($connection,$sql))
{
die('Error: ' . mysqli_error($connection));
}
echo "1 record added";
?>
HTML重写:
<!DOCTYPE html>
<html>
<head>
<title>Dislike series</title>
</head>
<body>
<form action="neg.php" method="post">
<b>Enter a title:</b><br /><input type="text" name="title" /><br />
<input type="submit" value="I don't want to see this show ever again!" />
</form>
</body>
</html>
以下是prepared statements的一些教程,您可以学习并尝试:
以下是PDO的一些教程: