细分表单将空白数据提交到数据库

时间:2015-04-14 09:04:56

标签: php sql database

该问题已得到简要解决,现在数据库为信息添加了一个新行,我唯一的问题是数据库没有从表单中获取任何信息。

<?php

$con = mysql_connect("localhost","username","password");

if (!$con)

  {

  die('Could not connect: ' . mysql_error());

  }



mysql_select_db("databasename", $con);



$sql="INSERT INTO breakdowns (username, breakdowndate, policyinception, customername, customersurname, covertype, vehiclemake, vehiclemodel, vehiclereg, vehicleage, excess, mileage, paid, HSRS, fault, garage, telephone)

VALUES

('$_POST[username]','$_POST[breakdowndate]','$_POST[policyinception]','$_POST[customername]','$_POST[customersurname]','$_POST[covertype]','$_POST[vehiclemake]','$_POST[vehiclemodel]','$_POST[vehiclereg]','$_POST[vehicleage]','$_POST[excess]','$_POST[mileage]','$_POST[paid]','$_POST[HSRS]','$_POST[fault]','$_POST[garage]','$_POST[telephone]')";



if (!mysql_query($sql,$con))

  {

  die('Error: ' . mysql_error());

  }

echo "1 breakdown added";



mysql_close($con)

?>

当在服务器上执行脚本时,我收到回显消息,数据库中出现一个空白行,但不存在表单中的信息。

现在正在运作:

<?php
// This sends the breakdown form to the database //

        $con = mysql_connect("localhost","dgtlss20_orca1","qG!P}ubT.tuw");

        if (!$con)

    {

        die('Could not connect: ' . mysql_error());

    } 

    mysql_select_db("dgtlss20_orca", $con); 

        $sql="INSERT INTO breakdowns (username, breakdowndate, policyinception, customername, customersurname, covertype, vehiclemake, vehiclemodel, vehiclereg, vehicleage, excess, mileage, paid, HSRS, fault, garage, telephone)
        VALUES ('$_POST[username]','$_POST[breakdowndate]','$_POST[policyinception]','$_POST[customername]','$_POST[customersurname]','$_POST[covertype]','$_POST[vehiclemake]','$_POST[vehiclemodel]','$_POST[vehiclereg]','$_POST[vehicleage]','$_POST[excess]','$_POST[mileage]','$_POST[paid]','$_POST[HSRS]','$_POST[fault]','$_POST[garage]','$_POST[telephone]')";

    if (!mysql_query($sql,$con))

    {

    die('Error: ' . mysql_error());

    }

    header('Location: ../breakdown-added.php');



        mysql_close($con)

?>

4 个答案:

答案 0 :(得分:0)

您的mysqli_query函数未正确写入:

您有mysqli_query(connection, "query"后跟一些应该在查询中的代码,并且无法识别它应该是, 而不是mysqli_query(connection, "query"); 

mysqli_query($connect,"INSERT INTO posts (user, breakdowndate, policyinception, customername, customersurname, covertype, vehiclemake, vehiclemodel, vehiclereg, vehicleage, excess, mileage, paid, HSRS, fault, garage, telephone) VALUES ('".$_POST[post_user]."', '".$_POST[post_breakdowndate]."', '".$_POST[post_policyinception]."', '".$_POST[post_customername]."', '".$_POST[post_customersurname]."', '".$_POST[post_covertype]."', '".$_POST[post_vehiclemake]."', '".$_POST[post_vehiclemodel]."', '".$_POST[post_vehiclereg]."', '".$_POST[post_vehicleage]."', '".$_POST[post_excess]."', '".$_POST[post_mileage]."', '".$_POST[post_paid]."', '".$_POST[post_HSRS]."', '".$_POST[post_fault]."', '".$_POST[post_garage]."', '".$_POST[post_telephone]."')");

答案 1 :(得分:0)

您在查询以值结束之前终止了查询。试试 - 

mysqli_query($connect,"INSERT INTO posts (user, breakdowndate, policyinception, customername, customersurname, covertype, vehiclemake, vehiclemodel, vehiclereg, vehicleage, excess, mileage, paid, HSRS, fault, garage, telephone) VALUES ('$_POST[post_user]', '$_POST[post_breakdowndate]', '$_POST[post_policyinception]', '$_POST[post_customername]', '$_POST[post_customersurname]', '$_POST[post_covertype]', '$_POST[post_vehiclemake]', '$_POST[post_vehiclemodel]', '$_POST[post_vehiclereg]', '$_POST[post_vehicleage]', '$_POST[post_excess]', '$_POST[post_mileage]', '$_POST[post_paid]', '$_POST[post_HSRS]', '$_POST[post_fault]', '$_POST[post_garage]', '$_POST[post_telephone]')");

答案 2 :(得分:0)

如果您的列数和值计数在查询中相同,则以下代码将起作用:

<?php
//Connecting to sql db.
$connect = mysqli_connect("localhost","username","password","databasename");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO posts (user, breakdowndate, policyinception, customername, customersurname, covertype, vehiclemake, vehiclemodel, vehiclereg, vehicleage, excess, mileage, paid, HSRS, fault, garage, telephone)".
"VALUES ('$_POST[post_user]', '$_POST[post_breakdowndate]', '$_POST[post_policyinception]', '$_POST[post_customername]', '$_POST[post_customersurname]', '$_POST[post_covertype]', '$_POST[post_vehiclemake]', '$_POST[post_vehiclemodel]', '$_POST[post_vehiclereg]', '$_POST[post_vehicleage]', '$_POST[post_excess]', '$_POST[post_mileage]', '$_POST[post_paid]', '$_POST[post_HSRS]', '$_POST[post_fault]', '$_POST[post_garage]', '$_POST[post_telephone]')");

?>

答案 3 :(得分:0)

  

您的代码容易受到SQL注入攻击

您需要将参数传递为$_POST['post_breakdowndate']而不是$_POST[post_breakdowndate]

您需要将查询更新为

mysqli_query($connect,"INSERT INTO posts (user, breakdowndate, policyinception, customername, customersurname, covertype, vehiclemake, vehiclemodel, vehiclereg, vehicleage, excess, mileage, paid, HSRS, fault, garage, telephone) VALUES ('".$_POST['post_user']."', '".$_POST['post_breakdowndate']."', '".$_POST['post_policyinception']."', '".$_POST['post_customername']."', '".$_POST['post_customersurname']."', '".$_POST['post_covertype']."', '".$_POST['post_vehiclemake']."', '".$_POST['post_vehiclemodel']."', '".$_POST['post_vehiclereg']."', '".$_POST['post_vehicleage']."', '".$_POST['post_excess']."', '".$_POST['post_mileage']."', '".$_POST['post_paid']."', '".$_POST['post_HSRS']."', '".$_POST['post_fault']."', '".$_POST['post_garage']."', '".$_POST['post_telephone']."')");

您正在终止函数

之外的值
相关问题
最新问题