我正在尝试创建一个将数据发送到DB的简单HTML表单:
形式:
<form action="processor.php" method="post">
<div class="field-box">
<label>Name:</label>
<input type="text" name="name" />
</div>
<div class="field-box">
<label>Age:</label>
<input type="text" />
</div>
<div class="field-box">
<label>Phone Number:</label>
<input type="text" name="email" />
</div>
<div class="field-box">
<label>Email:</label>
<input type="text" name="username"/>
<input type="submit">
</form>
用于在processor.php上发送数据的SQL:
//Connecting to sql db.
$connect = mysqli_connect("XXXXXXX","XXXXXXX","XXXXXXX","XXXXXX");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO users (name, age, phone, email) VALUES ('$_POST['name']','$_POST['age']', '$_POST['phone']', '$_POST['email']')";
mysqli_close($connect);
我没有收到错误消息,它只是将我带到一个空白页面,并且没有记录插入数据库。
答案 0 :(得分:1)
年龄输入缺少名称。
<div class="field-box">
<label>Age:</label>
<input type="text" name="age" />
</div>
并且也不要直接插入$_POST数据。最好使用 mysqli_real_escape_string 来增强安全性。您的插入查询也缺少结束括号
//Connecting to sql db.
$connect = mysqli_connect("XXXXXXX","XXXXXXX","XXXXXXX","XXXXXX");
//Sending form data to sql db.
$name = mysqli_real_escape_string($connect, $_POST['name']);
$age = mysqli_real_escape_string($connect, $_POST['age']);
$phone = mysqli_real_escape_string($connect, $_POST['phone']);
$email = mysqli_real_escape_string($connect, $_POST['email']);
mysqli_query($connect,"INSERT INTO users (name, age, phone, email) VALUES ('$name', '$age', '$phone', '$email')");
答案 1 :(得分:0)
您的查询似乎有问题:修改后的查询似乎
mysqli_query($connect,"INSERT INTO users (name, age, phone, email)
VALUES ('".$_POST['name']."','".$_POST['age']."', '".$_POST['phone']."', '".$_POST['email']."')";
直接插入值而不进行验证不是一个好习惯。
在您输入数据库之前使用mysqli_real_escape_string