创建表单并将数据存储在数据库中

时间:2014-09-13 16:53:28

标签: php forms form-submit

我正在创建一个简单的表单,接受来自用户的输入并将该数据存储到数据库中.......但我收到以下错误..我尝试了很多解决方案..但不是单一的工作! Plz帮助我..

这是我的代码..club.php 

<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" type="text/css" href="clubcs.css">
<title>Friends Club Registration</title>
</head>
<body>
<form action="insert.php" method="post">
<div style="text-align:center;">
<img src="logo.jpg" alt="img" height="200">
</div>
<div class="segment_header" style="width:auto;text-align:Left;">
   <h1 style="font-size:23px;">New Member Registration</h1>
</div>
<div class="text_field">
<p>First Name:<input type="text" name="first"></p>
<p>Last Name:<input type="text" name="last"></p>
<p>Address:<input type="text" name="addr"></p>
<p>City:<input type="text" name="city"></p>
<p>Contact no.:<input type="text" name="contact"></p>
<p><input type="submit"></p>
</div>
</form>
</body>
</html>

和insert.php 

<?php
$con=mysqli_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"clubinfo");
$first=mysqli_real_escape_string($con,isset($_POST['first']));
$last=mysqli_real_escape_string($con,isset($_POST['last']));
$addr=mysqli_real_escape_string($con,isset($_POST['addr']));
$city=mysqli_real_escape_string($con,isset($_POST['city']));
$contact= mysqli_real_escape_string($con,isset($_POST['contact']));
$sql1="INSERT INTO clubdata (FirstName, LastName, Address, City, Contact no.)
VALUES ('$first', '$last', '$addr', '$city', '$contact')";
if (!mysqli_query($con,$sql1))
{
die('Error: ' . mysqli_error($con));
}
echo "You have successfully registered with us!";
mysqli_close($con);
?>

2 个答案:

答案 0 :(得分:1)

错误(在您的问题中未显示)基于此Contact no.作为您的专栏。

首先,它包含一个空格和一个句点。如果这是您的实际列名,则应考虑将其重命名为Contact_no或使用其周围的反引号。

即:

`Contact no.`

或删除期间并将其重命名为(以及在您的数据库中):

`Contact no`

更改为

(FirstName, LastName, Address, City, `Contact no.`)

或删除期间并将其重命名为DB Contact no 

(FirstName, LastName, Address, City, `Contact no`)

或使用下划线将数据库重命名为Contact_no 

(FirstName, LastName, Address, City, Contact_no)

使用这种命名约定不被视为良好做法。 MySQL会抱怨它。

有关表/列标识符的更多信息,请访问MySQL.com网站:

另外,从变量中删除所有isset

$first=mysqli_real_escape_string($con,$_POST['first']);

你也可能正在注入MySQL不同意的字符,撇号,斜线等。仅使用mysqli_real_escape_string是不够的。添加stripslashes()

即:

$first=stripslashes($_POST['first']);
$first=mysqli_real_escape_string($con,$_POST['first']);

使用prepared statements会更容易使用。

答案 1 :(得分:0)

club.php没有变化.. insert.php中的一些变化...... 

<html>
<head>
<link rel="stylesheet" type="text/css" href="clubcs.css" />
</head>
<body>
<?php
$con=mysqli_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"clubinfo");
$first=stripslashes($_POST['first']);
$first=mysqli_real_escape_string($con,$_POST['first']);
$last=stripslashes($_POST['last']);
$last=mysqli_real_escape_string($con,$_POST['last']);
$addr=stripslashes($_POST['addr']);
$addr=mysqli_real_escape_string($con,$_POST['addr']);
$city=stripslashes($_POST['city']);
$city=mysqli_real_escape_string($con,$_POST['city']);
$contact=stripslashes($_POST['contact']);
$contact=mysqli_real_escape_string($con,$_POST['contact']);
$sql1="INSERT INTO clubdata (FirstName, LastName, Address, City,Contact_no)
VALUES ('$first', '$last', '$addr', '$city', '$contact')";
if (!mysqli_query($con,$sql1))
{
die('Error: ' . mysqli_error($con));
}
echo "You have successfully registered with us!";
mysqli_close($con);
?> 
</body>
</html>

再次感谢@Fred -ii- !!

相关问题
最新问题