无法在php中的数据库中插入表单数据

时间:2015-03-29 09:16:37

标签: php mysql

我已经开始学习php并且刚刚陷入表单部分,我无法将数据插入数据库。使用phpmyadmin在端口80上运行并且一切正常。请帮助。 这是fellow.php代码

<?php
    $dbc=mysqli_connect('127.0.0.1','root','','abhishek')
        or die("error connecting to the databsase");
    $nama=$_POST['hell'];
    $nanu=$_POST['email'];
    print $nama;
    $ab="INSERT INTO attempt('name','email')VALUES('$nama','$nanu')";
    if(mysqli_query($dbc,$ab)) {
        echo "Records added successfully.";
    }
    else {
        echo "Records not added successfully."; 
    }
    mysqli_close($dbc);
?>

这是first.html代码 -

<html>
    <head>
        <title>first attempt</title>
    </head>
    <body>
        <form action="fellow.php" method="post" >
            Name:
            <input type="text" name="hell" id="hell" value="hell">
            Email
            <input type="text" name="email" id="email" value="email">
            <input type="submit" name="submit" value="submit">
        </form>
    </body>
</html>

请帮忙,因为我无法继续进一步

1 个答案:

答案 0 :(得分:1)

您使用的是单引号而不是后退,并且您很容易受到SQL注入攻击,因此请使用如下的预处理语句:

$stmt = $dbConnection->prepare('INSERT INTO attempt(`name`,`email`)VALUES(?, ?)');
$stmt->bind_param(..., $nama);
..set other parameter
$stmt->execute();