通过php将html表单数据发送到sql数据库

Question

我正在尝试将表单上收集的数据插入到mysql数据库中。我能够成功建立连接，但未插入数据。我读过许多类似的问题但到目前为止都没有成功。

sqldatabase.php

<form action="/php/sqldatabase.php" method="POST" id="registration">

       <h2>Registration for 2016 Summer Season (April-September)</h2>  
    <p>
        <label for="name">Name:</label>
        <input type="text" id="first_name" name="first_name" placeholder="First Name" autofocus="" />
        <input type="text" id="last_name" name="last_name" placeholder="Last Name" />
    </p>

    <p>
        <label for="spouse">Name of Spouse<i>(Optional)</i>:</label>
        <input type="text" id="first_spouse" name="first_spouse" placeholder="First Name" />
        <input type="text" id="last_spouse" name="last_spouse" placeholder="Last Name" />
    </p>

    <p>
        <label for="address1">Address:</label>
        <input type="text" id="address" name="address" placeholder="Street Address" />
        <input type="text" id="city" name="city" placeholder="City" />
    </p>

    <p>
        <label for="address2"></label>
        <input type="text" id="state" name="state" placeholder="State" />
        <input type="number" id="zip" name="zip" placeholder="Zip Code" />
    </p>

    <p>
        <label for="phone">Phone:</label>
        <input type="tel" id="phonehome" name="phone" placeholder="Home Phone" />
        <input type="tel" id="phonecell" name="phone" placeholder="Work/Cell Phone" />
    </p>

    <p>
        <label for="phone">Email:</label>
        <input type="email" id="email" name="email" />
    </p>

    <p>
        <label for="dob">Date of Birth:</label>
        <input type="date" id="dob" name="dob" />
    </p>

    <p>
        <label for="occupation">Occupation (Former, if retired):</label>
        <input type="text" id="occupation" name="occupation" />
    </p>

    <div id="shirt">
    <p>
        <label for="size">Uniform:</label>
        <select name="shirt_size" id="shirt_size">
            <option value="">Shirt Size</option>
            <option value="medium">Medium</option>
            <option value="large">Large</option>
            <option value="XL">XL</option>
            <option value="2XL">2XL</option>
            <option value="3XL">3XL</option>
        </select>
        <select name"cap_size" id="cap_size">
            <option value="">Cap Size</option>
            <option value="XS/S">XS/S</option>
            <option value="S/M">S/M</option>
            <option value="M/L">M/L</option>
            <option value="L/XL">L/XL</option>
        </select>
    </p>

    <p>
       <label for="shirtnum">Shirt Number:</label>
       <input type="number" id="shirtnum1" name="shirtnum1" placeholder="1st Choice" min="0" max="99" />
       <input type="number" id="shirtnum2" name="shirtnum2" placeholder="2nd Choice" min="0" max="99" />
    </p>
    </div>
    <div id="describe">

    <p>
      <span class="describe1">
        <b>Describe any information you deem important regarding your ability and/or availability or any other information you deem important to the season.</b>
        <textarea name="description" id="desc" cols="30" rows="10"></textarea>
      </span>
    </p>
    </div>

    <div id="ethics">
        <h2>Code of Ethics</h2>
        <p>
            <span class="ethics1">
            <input type="checkbox" id="bylaws_rules" name="bylaws_rules" /> 
                I agree to abide by the Bylaws and decisions of the Club and Club Officials.
            </span>
        </p>

        <p>
            <span class="ethics1">
            <input type="checkbox" id="umpires" name="umpires" />
                I agree to accept the decisions of the Umpires and Team Managers.
            </span>
        </p>

        <p>
            <span class="ethics1">
            <input type="checkbox" id="alcohol" name="alcohol" />
                I agree to abstain from alcoholic beverages prior to a game.
            </span>
        </p>
        </div>

        <div id="waiver">
            <h2>Release of Liability</h2>

                <p>
                <b>I agree to hold harmless the club.</b>
                </p>
                <input type="checkbox" id="waiver" name="waiver" />
        </div>

        <ol class="requires">

            <li>Dues are $95 and should be received by April 6, 2016</li>
            <li>If you decline to play after being drafted, your registration fee will not be refunded.</li>
            <li>All members must be at least 50 years old by December 31, 2016</li>
            <li>The deadline for receipt of registrations is April 6, 2016. Registrations received after this date will 
                not be processed for the player drat. Assignments to teams will then be made according to League guidelines
                regarding late registering players.</li>
            <li>Registrations received without the correct fee will not be considered as received and will not be valid until the correct fee is received.</li>
        </ol>

        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>
            <button type="submit" id="register">Register!</button>
        </p>

    </form>

我的HTML

# DB connection
conn = pypyodbc.connect('DRIVER={SQL Server};SERVER=xxx.xxx.xxx.xxx;DATABASE=SCAN;UID=user;PWD=password')
cursor = conn.cursor()

def main() :
    reader = csv.reader(file(filename, "rb"), delimiter=';')
    for row in reader :
        ip = row[0]
        host = row[1]
        domain = row[2]

        # get Operating System ID
        os_id = getOperatingSystem(row[3])

        manufacturer = row[4]
        model = row[5]

        # get computer_manufacturer ID
        computer_manufacturer = getManufacturer(manufacturer, computer_model)

        arch = getArch(row[6])

        values = [ip, host, domain, os_id, manufacturer, arch]

        hostIP = getHostIP(ip)
        print "hostIP: " +str(hostIP)
        if hostIP == 0:

            print values

            # insert values in DB
            cursor.execute(
                """
                INSERT INTO dbo.hosts (ip, host, domain, os_id, manufacturer, arch_id)
                VALUES (?, ?, ?, ?, ?, ?)
                """, values)
            cursor.commit()


# return host IP ID
def getHostIP(hostIP) :
    cursor.execute("SELECT id FROM mytable WHERE ip = ?", [hostIP])
    row = cursor.fetchone()

    if row is not None :
        return row[0]
    return 0

# return ID of Computer Manufacturer
def getComputerManufacturer(manufacturer, computer_model) :
    cursor.execute("SELECT id FROM manufacturer WHERE manufacturer = ? AND computer_model = ?", [manufacturer, computer_model])
    row = cursor.fetchone()

    if row is not None:
        return row[0]
    else :
        return setComputerManufacturer(manufacturer, computer_model)

感谢您的帮助！

Answer 1

发布为社区维基。

这里有一些问题。

• 首先，您从未执行过查询。
• 您永远不会检查empty()字段，这些字段可能会在表格中插入空行。

参考手册：

• http://php.net/manual/en/mysqli.query.php

面向对象的风格

  

混合mysqli :: query（字符串$ query [，int $ resultmode = MYSQLI_STORE_RESULT]）

程序风格

  

混合mysqli_query（mysqli $ link，字符串$ query [，int $ resultmode = MYSQLI_STORE_RESULT]）

然后您为表格使用了错误的标识符限定符：

INSERT INTO 'softball_reg_2016'
            ^                 ^

是常规单引号，应该是滴答或根本没有引号：

INSERT INTO `softball_reg_2016`

并且仅此一点就会引发语法错误。

阅读标识符限定符：

• http://dev.mysql.com/doc/en/identifier-qualifiers.html

然后您使用desc作为列名，这是一个MySQL保留字。这也会让你误以为。因此，要么将其重命名为其他内容，要么将其包装在刻度线中。

`desc`

参考：

• https://dev.mysql.com/doc/refman/5.5/en/keywords.html

同时检查错误：

• http://php.net/manual/en/mysqli.error.php
• http://php.net/manual/en/function.error-reporting.php

另外，您目前的代码向SQL injection开放。使用mysqli_* with prepared statements或PDO与prepared statements。

另外，既然你已经为POST数组声明了变量，为什么要把POST数组放在查询中呢？刚刚使用了变量。你真的没有使用更多的代码。

正如评论中所述：

  

＆＃34;您还有两个同名的输入字段：phone。这是打算还是只是复制/粘贴通常的问题？ - FirstOne＆＃34;

Answer 2

您需要执行查询。你刚刚接受了这个字符串。 这是你缺少的。放

  mysqli_query($conn,$sql);

成功消息之前。

Answer 3

您没有执行查询

你必须这样做

mysqli_query($conn,$query);

关闭连接之前