数据没有进入MySql数据库

时间:2015-12-27 13:23:05

标签: javascript php html mysql

我已经阅读了一些有关我的问题的相关问题,但我仍然无法弄明白。所以我现在决定问。

我想知道我的代码是否有问题。基本上,输入框中的数据应该进入数据库(MYSQL),但每次单击“提交”按钮时,都不会发生任何事情。

代码:   insert_product.php < - 主页

<!DOCTYPE html>
<?php
include("includes/db.php");
?>
<html>
    <head>

    </head>
<script src="//cdn.tinymce.com/4/tinymce.min.js"></script>
 <script>tinymce.init({ selector:'textarea' });</script>

<body bgcolor="#aad6bb">
    <form action="insert_product.php" method="post" enctype="multipart/form-data">
        <table align="center" width="600" border='1' bgcolor='#d6aac5'>

            <tr align="center">
                <td colspan='8'><h2>Inser New Post Here</h2></td>   
            </tr>

            <tr >
                <td align="right"> <b>Product Name:<b></td>
                <td><input type='text'name="product_name" size='50'/></td>
            </tr>

            <tr>
                <td align="right"><b> Product Description</b></td>
                <td><textarea name="product_desc" cols='20' rows='10'></textarea></td>
            </tr>

            <tr>
                <td align="right"> <b>Product Price:</b></td>
                <td><input type='text'name="product_price"/></td>
            </tr>

            <tr>
                <td align="right"><b> Product Quantity:</b></td>
                <td><input type='text'name="product_quantity"/></td>
            </tr>

            <tr>
                <td align="right"> <b>Product Category:</b></td>
                <td><select name="product_cat">
                        <option>Select Category</option>
                        <?php
                            $get_cats = "Select * from categories";
                            $run_cat = mysqli_query($con, $get_cats);
                            while ($row_cats=mysqli_fetch_array($run_cat)){
                            $cat_id = $row_cats['cat_id'];
                            $cat_title = $row_cats['cat_title'];
                            echo"<option value='$cat_id'>$cat_title</option>";
                            }
                        ?>
                </select>
                </td>
            </tr>


            <tr>
                <td align="right"> <b>Product Image:</b></td>
                <td><input type='file' name="product_img"/></td>
            </tr>

            <tr>
                <td align="right"> <b>Product Keywords:</b></td>
                <td><input type='text' size="40" name="product_kw"/></td>
            </tr>
            <tr  align='center'>
                <td colspan='8'><input type='submit'name="insert_post" value="Insert Product"/></td>
            </tr>

        </table>


    </form>
</body>
</html>
<?php
    if(isset($_POST['insert_post'])){
//GETTING DATA FROM THE FIELD
        $product_name= $_POST['product_name'];
        $product_desc= $_POST['product_desc'];
        $product_price= $_POST['product_price'];
        $product_quantity= $_POST['product_quantity'];
        $product_cat= $_POST['product_cat'];
        $product_kw= $_POST['product_kw'];
//GETTING IMAGE FROM THE FIELD
        $product_img = $_FILES['product_img']['name'];
        $product_img_tmp = $_FILES['product_img']['tmp_name'];

        move_uploaded_file($product_img_tmp, "product_images/$product_img");

        $insert_product = "insert into item (product_name,product_desc,product_price,product_quantity,product_cat,product_img,keywords)
         values ('ItemName','ItemDesc',ItemPrice,ItemQty,'ItemCat','ItemImg','keywords')" OR die(mysql_error());


         $insert_prod = mysqli_query($con, $insert_product);
         if($insert_prod){

            echo "<script>alert('SUCCESS')</script>";
            echo "<script>window.open('insert_product.php','self')</script>";
         }//END OF IF(INSERT_PROD)
}
?>  

db.php &lt; - 用于连接

   <?php
$con = mysqli_connect("localhost","root","","ecommerce");
?>

数据库中的表(名称为ecommerce)为item 在我的item表中: ItemID小学和人工智能 ItemName ItemDesc ItemPrice ItemQty ItemCat ItemImg keywords

注意:我发现我的代码容易受到SQL注入攻击。但我仍然是初学者,专注于与HTML和PHP的连接:)

2 个答案:

答案 0 :(得分:3)

您只是不插入变量。

虽然你已宣布自己刚刚练习,但我会忽略SQL注入漏洞。

$insert_product = "insert into item (product_name,product_desc,product_price,product_quantity,product_cat,product_img,keywords)
         values ('$product_name', '$product_desc', $product_price, $product_quantity, '$product_cat', '$product_img', '$product_kw')" OR die(mysql_error());

答案 1 :(得分:2)

你可以这样做

JavaScript:

function callPHP() {
    var httpc = new XMLHttpRequest(); // simplified for clarity
    var url = "insert.php";
    httpc.open("POST", url, true); // sending as POST

    httpc.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
   MUST have a Content-Length header (as per HTTP/1.1)

    httpc.onreadystatechange = function() { //Call a function when the state changes.
    if(httpc.readyState == 4 && httpc.status == 200) { // complete and no errors
        alert(httpc.responseText);

         // some processing here, or whatever you want to do with the response
        }
    }

    var z = document.getElementById('Textbox1').value ;
    httpc.send('data=' + z);
}

insert.php

<?php

$servername = "localhost";
$username = "username";
$password = "password";

$temp = $_POST['data'];





try {
$dbh = new PDO("mysql:host=$hostname;dbname=test",$username,$password);

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
$sql = "INSERT INTO item (product_name)
VALUES ('".$temp."')";
if ($dbh->query($sql)) {
echo "success";
}
else{
echo "fail";
}

$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>