学习PDO简单表单输入不提交到数据库

时间:2015-04-21 14:09:03

标签: php forms pdo

我昨天开始学习PDO,我认为我已经把它弄下来但是在尝试提交一个简单的表格时我又遇到了一个错误。我在w3schools上使用这个例子,但是输入了一个表单。

的index.php

<form action="submit.php" method="post">
    <input type="text" id="name" placeholder"Enter Your Name">
    <button type="submit">Submit</button>
</form>

以下是处理表单的页面:

submit.php

<?php
    $servername = "localhost";
    $username = "testuser";
    $password = "testpassword";
    $dbname = "testdb";

    $nickname = $_POST['name'];

    try {
        $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        //Set PDO Error Mode to Exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = "INSERT INTO test (name)
        VALUES (:nickname)";
        // use exec() because no results are returned
        $conn->exec($sql);
        echo "New record created successfully";
    }
    catch(PDOException $e)
    {
        echo $sql . "<br>" . $e->getMessage();
    }

    $conn = null;
?>

我得到的错误是:

  

INSERT INTO test(name)VALUES(:nickname)   SQLSTATE [42000]:语法错误或访问冲突:1064 SQL语法中有错误;检查与MySQL服务器版本对应的手册,以便在第2行使用“:nickname”附近的正确语法

6 个答案:

答案 0 :(得分:9)

你必须使用预备语句,尝试这样的事情:

// query
$sql = "INSERT INTO test (name)
    VALUES (:nickname)";
$q = $conn->prepare($sql);
$q->execute(array(':nickname'=>$nickname));

答案 1 :(得分:2)

首先,您需要创建一个预准备语句,然后将要绑定的值绑定到该语句。您可以从官方php.net(http://php.net/manual/en/pdo.prepared-statements.php

更多地了解PDO
    <?php
        $servername = "localhost";
        $username = "testuser";
        $password = "testpassword";
        $dbname = "testdb";

        $nickname = $_POST['name'];

        try {
            $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
            //Set PDO Error Mode to Exception
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $sql = "INSERT INTO test (name)
            VALUES (:nickname)";
            $stm = $conn->prepare($sql);
            $stm->bindParam(':nickname', $nickname);
            // use exec() because no results are returned
            $stm->execute();
            echo "New record created successfully";
        }
        catch(PDOException $e)
        {
            echo $sql . "<br>" . $e->getMessage();
        }

        $conn = null;
    ?>

答案 2 :(得分:1)

您的表单输入需要name属性,因为这是它的引用方式。

<input type="text" id="name" placeholder="Enter Your Name">

你不能单独依赖“id”。

<input type="text" name="name" id="name" placeholder="Enter Your Name">
                   ^^^^^^^^^^^
  • 使用错误报告后,会发出“未定义的索引名称...”通知。

name属性是PHP $_POST数组中的值,因此上面的示例将给出:

$_POST['name'] = <the value you entered into the name input box>

为了进一步说明,id元素<input>值未出现在PHP $ _POST数据中。 POST数据 需要 名称属性才能从表单提交数据。

答案 3 :(得分:0)

怎么样?
$q = $conn->prepare("INSERT INTO test (name) VALUES (:nickname)");

// Variant #1
$q->bindParam(':nickname', $nickname, PDO::PARAM_STR);
$q->execute();

// Variant #2
$q->bindValue(':nickname', $nickname, PDO::PARAM_STR);
$q->execute();

// Variant #3
$q->execute([':nickname' => $nickname]);

另请注意

  

bindParam()bindValue()不同,将变量绑定为参考,只会在调用execute()时进行评估。

答案 4 :(得分:0)

你几乎就在那里,你错过了几个步骤。通过在sql字符串中使用:name标记,您将识别出您将变量绑定到此标记。这意味着您需要首先让PDO准备sql查询语句,然后将变量绑定到它,然后将其发送到服务器。

如下例所示:

...
$name = $_POST['name']
$sql = "INSERT INTO nameTable (name) VALUES(:name)";
//this is what you missed
$stmt= $con->prepare($sql);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
//the following is the way of executing a prepared statement, you keep using the $stmt variable, rather than the $con one.
$stmt->execute();

这应该让它发挥作用。

答案 5 :(得分:-1)

你错过了两个步骤:

try {
        $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        //Set PDO Error Mode to Exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = "INSERT INTO test (name)
        VALUES (:nickname)";
        $conn->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
        // use exec() because no results are returned
        $conn->exec($sql,array(':nickname' => $username));
        echo "New record created successfully";
    }