将用户输入数据插入数据库

时间:2014-10-27 04:37:17

标签: php insert

我有一个表格(" aud.php"),有3个字段: 年份:可以是(fe,se,te,be) SEMESTER:可以是(1或2) SUBJECT:可以是(任何VARCHAR数据类型)

现在,我有一个数据库(" einternals"),有四个表(fe,se,te,be)。每个表有2个字段(sem1或sem2)。问题是当我提交表单时,数据没有插入到数据库中。

HERE"" aud.php"文件:      

$con = mysql_connect("localhost","root","","einternals");
if (!$con)
{
 die('Could not connect: ' . mysql_error());
}
else
{
echo "Go ahead and edit";
}
?>

<html>
<body background="bg1.jpg">
<h2 align="left"><a href="logout.php">LOGOUT</a></h2>

<form action="add.php" method="post">
<h1 align="center"><u>ADD A SUBJECT</u></h1>

<p align="center">&nbsp&nbsp&nbsp&nbspYEAR: <input type="text" name="year" required/></p><br>

<p align="center">SEM: <input type="text" name="sem" required/></p><br>

<p align="center">&nbsp&nbspSUBJECT: <input type="text" name="subject" required /></p><br>

<p align="center"><input type="submit" value="ADD" /></p>

</form>

<form action="delete.php" method="post">
<h1 align="center"><u>DELETE A SUBJECT</u></h1>

<p align="center">&nbsp&nbsp&nbsp&nbspYEAR: <input type="text" name="year" required/></p><br>

<p align="center">SEM: <input type="text" name="sem" required/></p><br>

<p align="center">&nbsp&nbspSUBJECT: <input type="text" name="subject" required /></p><br>


<p align="center"><input type="submit" value="DELETE" /></p>

</form>

</body>
</html>

这是&#34; add.php&#34;文件:

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
 die('Could not connect: ' . mysql_error());
}
else
{
 mysql_select_db("einternals", $con);
 if('$_POST[sem]'==1)
  {
   $sql="INSERT INTO '$_POST[year]'(sem1)
   VALUES
   ('$_POST[subject]')";

   if (!mysql_query($sql,$con))
   {
   die('Error: ' . mysql_error());
   }
}
else
{
 $sql="INSERT INTO '$_POST[year]'(sem2)
 VALUES
 ('$_POST[subject]')";

 if (!mysql_query($sql,$con))
 {
  die('Error: ' . mysql_error());
 }
}
echo "Operation successful";


}
mysql_close($con)
?>

4 个答案:

答案 0 :(得分:0)

查询中需要的空格,不需要引号。 

instead of  - `"INSERT INTO '$_POST[year]'(sem1)
VALUES
('$_POST[subject]')"`

试试这个 - 

"INSERT INTO ".$_POST['year']." (sem1)
VALUES
('$_POST[subject]')"

答案 1 :(得分:0)

尝试连接

  $con = mysql_connect("localhost","root","");
    mysql_select_db("einternals");

您必须使用mysql_select_db()来选择您的数据库 您正尝试将数据库连接设为mysqli_ * function

答案 2 :(得分:0)

只需删除单引号并在表名和列名之间添加空格

$sql="INSERT INTO $_POST[year] (sem1)
   VALUES
   ('$_POST[subject]')";

不建议使用mysql_*使用PDO来阻止您的应用程序进行SQL注入:What is PDO , how it's related with sql injection & why i should use this?

答案 3 :(得分:0)

尝试添加适当的引用以发布数据以供检查和查询

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
 die('Could not connect: ' . mysql_error());
}
else
{
 mysql_select_db("einternals", $con);
 if($_POST['sem']==1)
  {
   $sql="INSERT INTO ".$_POST['year']." (sem1) VALUES ('".$_POST['subject']."')";
   if (!mysql_query($sql,$con)) {
     die('Error: ' . mysql_error());
   }
}
else {
 $sql="INSERT INTO ".$_POST['year']." (sem2) VALUES ('".$_POST['subject']."')";
 if (!mysql_query($sql,$con)) {
  die('Error: ' . mysql_error());
 }
}
echo "Operation successful";
}
mysql_close($con)
?>

注意: - mysql_*已被弃用,使用mysqli_*pdo 

    you need to escape post data to prevent `sql injection`
相关问题
最新问题