我有这个表单,用于输入用户输入然后按下提交后它将值存储在数据库中。出于某种原因,在按下提交时,用户被重定向到视图页面,但数据未插入数据库中。
以下是添加记录代码:
<?php
/*
Allows the user to both create new records and edit existing records
*/
// connect to the database
include("connection.php");
// creates the new/edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($memberID = '', $username = '', $password ='', $firstname ='', $lastname ='', $address ='', $email ='', $error = '')
{ ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>
<?php if ($memberID != '') { echo "Edit Record"; } else { echo "New Record"; } ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h1><?php if ($memberID != '') { echo "Edit Record"; } else { echo "New Record"; } ?></h1>
<?php if ($error != '') {
echo "<div style='padding:4px; border:1px solmemberID red; color:red'>" . $error
. "</div>";
} ?>
<form action= "" method="post">
<div>
<?php if ($memberID != '') { ?>
<input type="hidden" name="memberID" value="<?php echo $memberID; ?>" />
<p>MemberID: <?php echo $memberID; ?></p>
<?php } ?>
<strong>Username: *</strong> <input type="text" name="username" value="<?php echo $username; ?>"/><br/>
<strong>Password: *</strong> <input type="password" name="password" value="<?php echo $password; ?>"/><br/>
<strong>First Name: *</strong> <input type="text" name="firstname" value="<?php echo $firstname; ?>"/><br/>
<strong>Last Name: *</strong> <input type="text" name="lastname" value="<?php echo $lastname; ?>"/><br/>
<strong>Address: *</strong> <input type="text" name="address" value="<?php echo $address; ?>"/><br/>
<strong>Email: *</strong> <input type="text" name="email" value="<?php echo $email; ?>"/><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>
<?php }
/*
NEW RECORD
*/
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// get the form data
$username = htmlentities($_POST['username'], ENT_QUOTES);
$password = htmlentities($_POST['password'], ENT_QUOTES);
$firstname = htmlentities($_POST['firstname'], ENT_QUOTES);
$lastname = htmlentities($_POST['lastname'], ENT_QUOTES);
$address = htmlentities($_POST['address'], ENT_QUOTES);
$email = htmlentities($_POST['email'], ENT_QUOTES);
// check that firstname and lastname are both not empty
if ($username == '' || $password == '' || $firstname == '' || $lastname == '' || $address == '' || $email == '')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($username, $password, $firstname, $lastname, $address, $email, $error);
}
else
{
// insert the new record into the database
if ($stmt = $mysqli->prepare("INSERT into members (username, password, firstname, lastname, address, email) VALUES (?, ?, ?, ?, ?, ?)"))
{
$stmt->bind_param($username, $password, $firstname, $lastname, $address, $email, $error, $memberID);
$stmt->execute();
$stmt->close();
}
// show an error if the query has an error
else
{
echo "ERROR: Could not prepare SQL statement.";
}
// redirec the user
header("Location: view.php");
}
}
// if the form hasn't been submitted yet, show the form
else
{
renderForm();
}
}
// close the mysqli connection
$mysqli->close();
?>
以下是视图页面:
<!DOCTYDOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>View Records</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h1>View Records</h1>
<p><b>View All</b> | <a href="view-paginated.php">View Paginated</a></p>
<?php
// connect to the database
include('connection.php');
// get the records from the database
if ($result = $mysqli->query("SELECT * FROM members ORDER BY memberID"))
{
// display records if there are records to display
if ($result->num_rows > 0)
{
// display records in a table
echo "<table border='1' cellpadding='10'>";
// set table headers
echo "<tr><th>memberID
</th><th>username
</th><th>password
</th><th>firstname
</th><th>lastname
</th><th>address
</th><th>email";
while ($row = $result->fetch_object())
//print "<pre>"; print_r($row); exit;
{
// set up a row for each record
echo "<tr>";
echo "<td>" . $row->memberID . "</td>";
echo "<td>" . $row->username . "</td>";
echo "<td>" . $row->password . "</td>";
echo "<td>" . $row->firstname . "</td>";
echo "<td>" . $row->lastname . "</td>";
echo "<td>" . $row->address . "</td>";
echo "<td>" . $row->email . "</td>";
echo "<td><a href='edit.php?memberID=" . $row->memberID . "'>Edit</a></td>";
echo "<td><a href='delete.php?memberID=" . $row->memberID . "'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
}
// if there are no records in the database, display an alert message
else
{
echo "No results to display!";
}
}
// show an error if there is an issue with the database query
else
{
echo "Error: " . $mysqli->error;
}
// close database connection
$mysqli->close();
?>
<a href="addrecord.php">Add New Record</a>
</body>
</html>
答案 0 :(得分:1)
第一个错误是使用不正确的参数调用的bind_param。请参阅mysqli_stmt_bind_param
的文档另一个错误是需要绑定的params数(通过使用prepare()构建的sql查询,这与您与bind_param绑定的数量不同。
我还建议您替换行$stmt->***;以添加更多错误检查点
$res = $stmt->bind_param(/* correct your code according to the doc :) */);
if (!$res)
echo 'error when binding params : '.$stmt->error;
else
{
$res = $stmt->execute();
if (!$res)
echo 'error at stmt->execute() '.$stmt->error;
}
答案 1 :(得分:0)
您需要告诉数据类型如下:
$stmt->bind_param("sssssssi", $username, $password, $firstname, $lastname, $address, $email, $error, $memberID);
假设所有字符串除了我假设的id是整数