我试图插入SQL查询但没有插入数据库

时间:2015-02-18 08:45:39

标签: php mysql insert

我试图用PHP做简单的脚本并插入一些数据,但没有任何反应!我知道我错过了什么,但它是什么?

这是我的代码:

<?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="dddd";

$con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

//====== Get Variable======= //
$name = $_POST['name'];
$email=$_POST['email'];
$rate=$_POST['select_style'];
$content=$_POST['content'];

$insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";

//====== Get Variable======= //
if($_POST['submit-comment'])  {
if($name && $email && $content == true) {

mysqli_query($con,$insert);
$success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
}
else {

$error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";

}
}
mysqli_close($con);
?>

这就是形式和&#34;行动&#34; .. 

                        <form method="post" action="" id="form-contact" class="clearfix">
                        <div id="form-left">
                            <label for="text-name">Name *</label><br />
                            <input type="text" name="name" class="input" id="text-name" /><br />
                            <label for="text-email">From *</label><br />
                            <input type="text" name="email" class="input" id="text-email" /><br />
                            <label for="text-phone">Rate us *</label><br />
                            <div class="select-style">
                            <select>
                            <option value="5.0">5.0</option>
                            <option value="4.5">4.5</option>
                            <option value="4.0">4.0</option>
                            <option value="3.5">3.5</option>
                            <option value="3.0">3.0</option>
                            <option value="2.5">2.5</option>
                            <option value="2.0">2.0</option>
                            <option value="2.0">2.0</option>
                            <option value="1.5">1.5</option>
                            <option value="1.0">1.0</option>
                            </select>
                            </div>
                        </div>
                        <div id="form-right">
                            <label for="text-comment">Review <span></span></label><br />
                            <textarea name="content" cols="10" rows="20" class="input textarea" id="text-comment"></textarea><br />
                            <input type="submit" name="submit-comment" class="button" value="Rate Us" />
                        </div>
                        <p id="text-contact">
                        <br><br><font color="#980303">Please Note *</font> Thate Your Reviews Will Not Published Untill We Check it and sure that the review don't contain Bad words or bad language, and be sure that we will publish all reviews and we accept criticism! 
                    </form>

那么我错过了什么?

3 个答案:

答案 0 :(得分:0)

注意:

  • 放置您的插入查询并在if语句isset(POST["submit-comment"]中传递变量(POST)以消除未定义变量的错误。

  • 您应该使用mysqli_* prepared statement来阻止SQL injections

答案:

如果您坚持保留代码,则可以使用mysqli_real_escape_string()函数在变量中使用变量之前对其进行一些修改。

您的PHP文件应如下所示:

<?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="cookindoor";

$con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

//====== IF SUBMIT-COMMENT ======= //
if(isset($_POST['submit-comment']))  {
  if(!empty($_POST["name"]) && !empty($_POST["email"]) && !empty($_POST["content"])) {

    //====== GET VARIABLES ======= //
    $name = mysqli_real_escape_string($con,$_POST['name']);
    $email = mysqli_real_escape_string($con,$_POST['email']);
    $rate = mysqli_real_escape_string($con,$_POST['select_style']);
    $content = mysqli_real_escape_string($con,$_POST['content']);

    $insert="INSERT INTO reviews (name,email,rate,content) VALUES ('$name','$email','$rate','$content')";

    mysqli_query($con,$insert);
    $success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
  }

  else {
    $error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
  }
}
mysqli_close($con);
?>

建议:

但是如果你在mysqli_* prepared statement中执行它,你的插入查询将如下所示。虽然这只是一个简单的例子,但仍然可执行:

if($stmt = $con->prepare("INSERT INTO reviews (name, email, rate, content) VALUES (?,?,?,?)")){ /* CHECK THE QUERY */
  $stmt->bind_param('ssss', $_POST["name"], $_POST["email"], $_POST["rate"], $_POST["content"]); /* BIND VARIABLES TO YOUR QUERY */
  $stmt->execute(); /* EXECUTE YOUR QUERY */
  $stmt->close(); /* CLOSE YOUR QUERY */
}

答案 1 :(得分:0)

尝试将get变量放在if else语句中 完成提交后检查POST中是否有数据:

if($_POST['submit-comment'])  {
        $name = $_POST['name'];
        $email=$_POST['email'];
        $rate=$_POST['select_style'];
        $content=$_POST['content'];

        $insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";

        if ($con->query($sql) === TRUE) {
            echo "New record created successfully";
        } else {
            echo "Error: " . $sql . "<br>" . $conn->error;
        }

        var_dump($_POST);
}

$con->close();

检查错误:

$check = mysqli_query($con,$insert);
var_dump($check);

如果你找到了,请告诉我

答案 2 :(得分:0)

检查此工作代码。您还没有将Drop down的元素名称设置为select_style。这也是错误。

PHP代码

if(isset($_POST['submit-comment']) && $_POST['submit-comment']!='')  {

  $host= "localhost";
  $user="root";
  $pass="";
  $db="test";

  $con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

    //====== Get Variable======= //
    $name  = mysqli_real_escape_string($con,$_POST['name']);
    $email = mysqli_real_escape_string($con,$_POST['email']);
    $rate  = mysqli_real_escape_string($con,$_POST['select_style']);
    $content = mysqli_real_escape_string($con,$_POST['content']);

  $insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')"; 

  if($name && $email && $content == true) {

    mysqli_query($con,$insert);
    $success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
    echo $success;
  }
  else {

    $error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
    echo $error;

  }

  mysqli_close($con);
}

HTML 

<form method="post" action="" id="form-contact" class="clearfix">
<div id="form-left">
  <label for="text-name">Name *</label><br />
  <input type="text" name="name" class="input" id="text-name" /><br />
  <label for="text-email">From *</label><br />
  <input type="text" name="email" class="input" id="text-email" /><br />
  <label for="text-phone">Rate us *</label><br />
  <div class="select-style">
  <select name="select_style">
  <option value="5.0">5.0</option>
  <option value="4.5">4.5</option>
  <option value="4.0">4.0</option>
  <option value="3.5">3.5</option>
  <option value="3.0">3.0</option>
  <option value="2.5">2.5</option>
  <option value="2.0">2.0</option>
  <option value="2.0">2.0</option>
  <option value="1.5">1.5</option>
  <option value="1.0">1.0</option>
  </select>
  </div>
</div>
<div id="form-right">
  <label for="text-comment">Review <span></span></label><br />
  <textarea name="content" cols="10" rows="20" class="input textarea" id="text-comment"></textarea><br />
  <input type="submit" name="submit-comment" class="button" value="Rate Us" />
</div>
<p id="text-contact">
<br><br><font color="#980303">Please Note *</font> Thate Your Reviews Will Not Published Untill We Check it and sure that the review don't contain Bad words or bad language, and be sure that we will publish all reviews and we accept criticism! 
</form>
相关问题
最新问题