我有一个用于向数据库添加信息的表单,但查询无法正常运行且根本没有添加信息。
这是我试图执行的php代码,但它会一直发出第一个错误或完全转到最后一个else语句:
<?php
if (!isset ($_POST['submit']))
{
include ("add_contact.php");
}
else
{
$name = $_POST['Name'];
$phone_num = $_POST['main_num'];
$sec_num = $_POST['sec_num'];
$email = $_POST['email'];
$cus_type=$_POST['cusType'];
$business = $_POST['business'];
$address = $_POST['address'];
$service = $_POST['service'];
$notes = $_POST['comment'];
include ("dbcon.php");
fopen ("dbcon.php", "r"); //used because of bad experiences prior with include() only
if ($cus_type == 'Corporate'){
$result = mysqli_query($connect,"INSERT INTO customers WHERE ('$name', '$phone_num', '$cus_type', '$sec_num', '$email', '$address', '$business', '$service', '$notes') ");
if ($result){
echo "Thank you for adding the Contact to the Database!";
}
else{
echo "ERROR: Corporate Customer Not Added to Database";
}
}
else if ($cus_type == 'Private'){
$result = mysqli_query($connect,"INSERT INTO private_customers WHERE ('$name', '$phone_num', '$cus_type', '$sec_num', '$email', '$address', '$business', '$service', '$notes') ");
if ($result){
echo "Thank you for adding the Contact to the Database!";
}
else{
echo "ERROR: Private Customer Not Added to Database";
}
}
else{
echo "Contact Invalid. Please Try Again.";
}
}
?>
任何评论或答案都有助于发现我的代码中出现了什么问题。还有一个注意事项,这是一个公司的内部网站,这里没有人(除了告诉我这个的人)知道MYSQL和PHP。
答案 0 :(得分:3)
您的插入语法无效,这是有效的语法
INSERT INTO customers (field1, field2) VALUES (val1, val2);
你也有一个严重的sql注入vunerability ..你应该看HERE寻求帮助
我建议您使用参数化查询和预处理语句......这个SO POST很好地涵盖了它
所以我不仅提供链接,而且这里只有样本你应该做什么
$mysqli = new mysqli("server", "username", "password", "database_name");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$qry = $mysqli->prepare('INSERT INTO customers (name, phone, type, section, email, address, business, service, notes) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
$qry->bind_param('s', $name, $phone_num, $sec_num, $email, $cus_type, $business, $address, $service, $notes);
// can do it in one statement rather than multiples..
//$qry->bind_param('s', $name);
//$qry->bind_param('s', $phone_num);
//$qry->bind_param('s', $sec_num);
//$qry->bind_param('s', $email);
//$qry->bind_param('s', $cus_type);
//$qry->bind_param('s', $business);
//$qry->bind_param('s', $address);
//$qry->bind_param('s', $service);
//$qry->bind_param('s', $notes);
$qry->execute();
$qry->close();
你必须是编程的新手..你的if()语句总是会被执行...这意味着你总是要插入数据库..这就是为什么..
if ($cus_type = $_POST['Corporate']){
这里$ cus_type等于另一个名为$_POST['cusType']的东西,但在if语句中你将它分配给$ _POST ['Corporate'] ...它将始终执行,因为它是一个真实的语句..
这就是if语句在逻辑上执行的方式..
if(boolean statement){
//executes when true
};
if(true){
//always executes
};
if('a' == 'b'){
//will not execute
};
$a = 'a';
$b = 'b';
if($a == $b){
//will not execute
};
if($a = $b){
//will always execute because its assigning the value which is a boolean true statement.
};
答案 1 :(得分:0)
您还可以使用和更新类似语法来指定插入,有些人会发现它们更具可读性。
INSERT INTO customers
SET
field1 = value1
, field2 = value2
, field3 = value3
等等......