从自定义表单将数据插入Wordpress数据库表

时间:2014-10-27 06:30:46

标签: php mysql database wordpress forms

我试图通过创建表格将数据插入Wordpress数据库。我创建了表,但是当我尝试从表单插入数据时,它不会插入数据。我已检查数据库连接是否正常,但插入不会发生。有人可以帮我吗?这是我的代码: -

<?php
    require_once('/wp-config.php');
    global $wpdb;

    if(isset($_POST['submit'])){
        $wpdb->insert( 'wp_post_job', array( 'organizationname' =>
        $_POST['organizationname'], 'post' => $_POST['post'], 'publishfrom' =>
        $_POST['publishfrom'], 'publishupto' => $_POST['publishupto'],
        'qualification1' => $_POST['qualification1'], 'qualification2' =>
        $_POST['qualification2'], 'qualification3' => $_POST['qualification3'],
       'qualification4' => $_POST['qualification4'], 'experience1' =>
        $_POST['experience1'], 'experience2' => $_POST['experience2'],
       'experience3' => $_POST['experience3'], 'training1' => $_POST['training1'], 'training2' => $_POST['training2'], 'training3' => $_POST['training3'],
       'training4' => $_POST['training4'], 'training5' => $_POST['training5'] ),
        array( '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s' ) );
    }
?>

<?php
/*
Template Name: Form
*/
?>
<?php global $pc_theme_object; /* Reference theme framework class */ ?>
<?php get_header(); ?>

<form action="" id="postjob" method="post">
    <table>
        <tr>
            <td><label for="organizationname">Organization Name:</label></td>
            <td><input type="text" name="organizationname" id="organizationname" value="/></td>
        </tr>
        <tr>
            <td><label for="post">Post:</label></td>
            <td><input type="text" name="post" id="post" value="" /></td>
        </tr>
        <tr>
            <td><label for="publishfrom">Publish From:</label></td>
            <td><input type="text" name="publishfrom" id="publishfrom" /></td>
        </tr>
        <tr>
            <td><label for="publishupto">Publish Upto:</label></td>
            <td><input type="text" name="publishupto" id="publishupto" /></td>
        </tr>
        <tr>
            <td><label for="qualification">Qualification:</label></td>
            <td><input type="text" name="qualification1" id="qualification1" /></td>
            <td><input type="text" name="qualification2" id="qualification2" /></td>
            <td><input type="text" name="qualification3" id="qualification3" /></td>
            <td><input type="text" name="qualification4" id="qualification4" /></td>
        </tr>
        <tr>
            <td><label for="experience">Experience:</label></td>
            <td><input type="text" name="experience1" id="experience1"/></td>
            <td><input type="text" name="experience2" id="experience2"/></td>
            <td><input type="text" name="experience3" id="experience3"/></td>
        </tr>
        <tr>
            <td><label for="training">Training:</label></td>
            <td><input type="text" name="training1" id="training1" />></td>
            <td><input type="text" name="training2" id="training2" /></td>
            <td><input type="text" name="training3" id="training3" /></td>
            <td><input type="text" name="training4" id="training4" /></td>
            <td><input type="text" name="training5" id="training5" /></td>
        </tr>
        <tr>
            <td><button type="submit" name="submit">Submit</button></td>
        </tr>
    </table>
</form>

<?php get_footer(); ?>

3 个答案:

答案 0 :(得分:10)

替换&#39; $ s&#39;与&#39;%s&#39;

使用此代码

if ( isset( $_POST['submit'] ) ){

         global $wpdb;
         $tablename = $wpdb->prefix.'post_job';

        $wpdb->insert( $tablename, array(
            'organizationname' => $_POST['organizationname'], 
            'post' => $_POST['post'],
            'publishfrom' => $_POST['publishfrom'], 
            'publishupto' => $_POST['publishupto'],
            'qualification1' => $_POST['qualification1'], 
            'qualification2' => $_POST['qualification2'], 
            'qualification3' => $_POST['qualification3'],
            'qualification4' => $_POST['qualification4'], 
            'experience1' => $_POST['experience1'], 
            'experience2' => $_POST['experience2'],
            'experience3' => $_POST['experience3'], 
            'training1' => $_POST['training1'], 
            'training2' => $_POST['training2'], 
            'training3' => $_POST['training3'],
            'training4' => $_POST['training4'], 
            'training5' => $_POST['training5'] ),
            array( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) 
        );
    }

答案 1 :(得分:9)

您可以使用此

<?php

if ( isset( $_POST['submit'] ) ){

    global $wpdb;


    $tablename=$wpdb->prefix.'post_job';

    $data=array(
        'organizationname' => $_POST['organizationname'], 
        'post' => $_POST['post'],
        'publishfrom' => $_POST['publishfrom'], 
        'publishupto' => $_POST['publishupto'],
        'qualification1' => $_POST['qualification1'], 
        'qualification2' => $_POST['qualification2'], 
        'qualification3' => $_POST['qualification3'],
        'qualification4' => $_POST['qualification4'], 
        'experience1' => $_POST['experience1'], 
        'experience2' => $_POST['experience2'],
        'experience3' => $_POST['experience3'], 
        'training1' => $_POST['training1'], 
        'training2' => $_POST['training2'], 
        'training3' => $_POST['training3'],
        'training4' => $_POST['training4'], 
        'training5' => $_POST['training5'] );


     $wpdb->insert( $tablename, $data);
}

?>

答案 2 :(得分:0)

每个人都给出了正确的答案。但还有更多。如果您想要更高的安全性,那么最好使用 WordPress pdo 来更好地防止 SQL 攻击。

global $wpdb;

$table_name = $wpdb->prefix."table_name_after_the_prefix";

$sql = $wpdb->prepare( "INSERT INTO ".$table_name." (name, email, contact ) VALUES ( %s, %s, %d )", $name, $email, $contact );
$wpdb->query($sql);

// get the inserted record id.

$id = $wpdb->insert_id;

参考资料

https://developer.wordpress.org/reference/classes/wpdb/#protect-queries-against-sql-injection-attacks