PHP动作插入表单不起作用

时间:2014-11-05 02:24:29

标签: php html

我想知道哪一个是错误的。我试图检查mysql,没有插入我的数据库。

首先,我的HTML代码就像这样

<form action="registerAction" method="POST">  
        <p class="titleRegister"> Login Details </p>
        <!-- login details -->
        <p> <label for="emailAddress" class="inputField" > Email Address : </label> </p>
        <p> <input id="emailAddress" class="registerField" name="ename" required="required" type="text" placeholder="Your email address"/> </p>

        <p> <label for="password" class="inputField" > Password : </label> </p>
        <p> <input id="password" class="registerField" name="pwd" required="required" type="password" placeholder="Your password"/> </p>

        <p> <label for="password" class="inputField" > Confirmation Password : </label> </p>
        <p> <input id="password" class="registerField" name="mpwd" required="required" type="password" placeholder="Confirmation password" onBlur="pwdCompare()"/> </p>

        <!-- personal details -->
        <p class="titleRegister"> Personal Details </p>

        <!-- hidden to insert db -->
        <input name="registerID" type="hidden"/>
        <input name="pic" type="hidden"/>

        <p>
            <label for="socialTitle" class="inputField" > Title : </label>
            <div class="radio">
                <input type="radio" name="sTitle" value="mr"> Mr
                <input type="radio" name="sTitle" value="mrs"> Mrs
                <input type="radio" name="sTitle" value="ms"> Ms
            </div>
        </p>

        <p> <label for="firstName" class="inputField" > First Name : </label> </p>
        <p> <input id="firstName" class="registerField" name="fname" required="required" type="text" placeholder="Your first name"/> </p>

        <p> <label for="lastName" class="inputField" > Last Name : </label> </p>
        <p> <input id="lastName" class="registerField" name="lname" required="required" type="text" placeholder="Your last name"/></p>

        <p> <label for="mainAddress" class="inputField" > Main Address : </label> </p>
        <p> <input id="mainAddress" class="registerField" name="address" required="required" type="text" placeholder="Your main address"/> </p>

        <p> <label for="countryName" class="inputField" > Country : </label> </p>
        <?php 
        include 'dbconnect.php';
        echo "<select class=\"selectCSS\" name=\"country\">";
        $country = "SELECT DISTINCT * FROM geo_country ORDER BY country";
        $showCountry = mysqli_query($mysqli, $country);
        while($countryRow = mysqli_fetch_assoc($showCountry))
        {
            $country = htmlspecialchars ($countryRow['country']);
            $countryCode = $countryRow['countryCode'];
            echo "<option value=\"$country\">$country</option>\n";
        }
        echo "</select>";
        ?>

        <p> <label for="cityName" class="inputField" > City : </label> </p>
        <?php
        include 'dbconnect.php';
        echo "<select class=\"selectCSS\" name=\"city\">";
        $city = "SELECT DISTINCT * FROM geo_country INNER JOIN geo_city ORDER BY city WHERE geo_country.countryCode = geo_city.countryCode";
        $showCities = mysqli_query($mysqli, $city);
        while($cityRow = mysqli_fetch_assoc($showCities))
        {
            $city = htmlspecialchars ($cityRow['city']);
            $countryCode = $cityRow['countryCode'];
            echo "<option value=\"$city\">$city</option>\n";
        }
        echo "</select>";
        ?>

        <p> <label for="postalCode" class="inputField" > Postal Code : </label> </p>
        <p> <input id="postalCode" class="registerField" name="pcode" required="required" type="text" placeholder="Your postal code"/> </p>

        <p> <input class="registerButton" type="submit" value="REGISTER"> </p>
    </form>

我的php动作来到这里:

<?php

include 'dbconnect.php';

if ($_POST['pwd']!= $_POST['mpwd']) {
    echo("Oops! Password did not match! Try again. ");
}

$register_ID = $_POST['registerID'];
$socialTitle = $_POST['sTitle'];
$firstName = ucfirst(strtoupper($_POST['fname']));
$lastName = ucfirst(strtoupper($_POST['lname']));
$emailAddress = htmlspecialchars($_POST['ename']);
$mainAddress = htmlspecialchars($_POST['address']);
$registerCity = $_POST['city'];
$registerCountry = $_POST['country'];
$postalCode = htmlspecialchars($_POST['pcode']);
$profilePic = $_POST['pic'];
$registerPassword = $_POST['pwd'];

$check = "SELECT * FROM register_user where emailAddress = '$emailAddress'";
$checkTitle = mysqli_query($mysqli,$check);

if (mysqli_num_rows($checkTitle) > 0) {
    header("Location: register?error=The name of email has already been taken");
    } else {
        $insertSQL =
        "INSERT INTO register_user ('registerID', 'socialTitle', 'firstName', 'lastName', 'emailAddress', 'mainAddress', 'registerCity', 'registerCountry', 'postalCode', 'profilePic', 'registerPassword')
        VALUES ('$register_ID', '$socialTitle', '$firstName', '$lastName', '$emailAddress', '$mainAddress', '$registerCity', '$registerCountry', '$postalCode', '$profilePic', '$registerPassword')";
        $queryResult = mysqli_query($mysqli,$insertSQL);
        if($queryResult) {
            echo "SUCCESS";

                echo "<p> Name   : $emailAddress </p>";
                echo "<p> Detail : $fname </p>";

            echo "<p> <a href=\"index\"> BACK </a> </p>";
        }
    }
?>

结果在新的html页面上没有任何结果,在DB中也没有。你能看一下吗?感谢。

2 个答案:

答案 0 :(得分:1)

您的列使用了错误的identifiers,是(单个)引号'

('registerID', 'socialTitle', 'firstName', 'lastName', 'emailAddress', 'mainAddress', 'registerCity', 'registerCountry', 'postalCode', 'profilePic', 'registerPassword')

将其更改为:

(registerID, socialTitle, firstName, lastName, emailAddress, mainAddress, registerCity, registerCountry, postalCode, profilePic, registerPassword)

或使用反引号。

(`registerID`, `socialTitle`, `firstName`, `lastName`, `emailAddress`, `mainAddress`, `registerCity`, `registerCountry`, `postalCode`, `profilePic`, `registerPassword`)

使用or die(mysqli_error($mysqli))mysqli_query()会向您显示错误。

另外,除非表单操作是名为registerAction的文件夹中的索引文件或mod重写:

它需要

<form action="registerAction.php" method="POST">

所以,检查一下。只是一个见解。


我还要注意,您目前的代码对SQL injection开放。

使用prepared statementsPDO with prepared statements它们更安全

答案 1 :(得分:0)

不是100%肯定,但尝试更改你的HTML。

此:

<form action="registerAction" method="POST">

要:

<form action="registerAction.php" method="POST">

假设registerAction是你的php文件的名称..