我在终端的users中创建了一个mysql表,我正在尝试创建简单的任务:从表单中插入值。这是我的dbConfig file
<?php
$mysqli = new mysqli("localhost", "root", "pass", "testDB");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
?>
这是我的Index.php。
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="$1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>test</title>
<?php
include_once 'dbConfig.php';
?>
</head>
<body>
<?php
if(isset($_POST['save'])){
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
}
?>
<form method="post">
<label id="first"> First name:</label><br/>
<input type="text" name="username"><br/>
<label id="first">Password</label><br/>
<input type="password" name="password"><br/>
<label id="first">Email</label><br/>
<input type="text" name="email"><br/>
<button type="submit" name="save">save</button>
<button type="submit" name="get">get</button>
</form>
</body>
</html>
点击我的保存按钮后,没有任何反应,数据库仍为空。我尝试echo'ing INSERT查询,它会从表单中获取所有值。在我尝试从终端检查这是否有效之后,我登录到我的sql尝试从users表返回所有数据并且我得到空集。
答案 0 :(得分:29)
以下代码声明了一个包含MySQL查询的字符串变量:
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
它不执行查询。为了做到这一点,你需要使用一些功能,但让我先解释一下。
永远不会信任用户输入:您绝不应将用户输入(例如来自$_GET或$_POST的表单输入)直接添加到您的查询中。有人可以通过这种方式小心操作输入,以免对数据库造成严重损害。这就是所谓的SQL注入。您可以阅读更多相关信息here
为了保护您的脚本不受此类攻击,您必须使用预备语句。更多关于准备好的陈述here
将准备好的语句包含在您的代码中,如下所示:
$sql = "INSERT INTO users (username, password, email)
VALUES (?,?,?)"
注意?如何用作值的占位符。接下来,您应该使用mysqli_prepare准备语句:
$stmt = mysqli_prepare($sql);
然后开始将输入变量绑定到预准备语句:
$stmt->bind_param("sss", $_POST['username'], $_POST['email'], $_POST['password']);
最后执行准备好的语句。 (这是实际插入的地方)
$stmt->execute();
注意虽然不是问题的一部分,但我强烈建议您永远不要以明文形式存储密码。相反,您应该使用password_hash来存储密码的哈希值
答案 1 :(得分:4)
您的代码中存在两个问题。
<强> dbConfig.php
<?php
$conn=mysqli_connect("localhost","root","password","testDB");
if(!$conn)
{
die("Connection failed: " . mysqli_connect_error());
}
?>
<强>的index.php
include('dbConfig.php');
<!Doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="$1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>test</title>
</head>
<body>
<?php
if(isset($_POST['save']))
{
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
$result = mysqli_query($conn,$sql);
}
?>
<form action="index.php" method="post">
<label id="first"> First name:</label><br/>
<input type="text" name="username"><br/>
<label id="first">Password</label><br/>
<input type="password" name="password"><br/>
<label id="first">Email</label><br/>
<input type="text" name="email"><br/>
<button type="submit" name="save">save</button>
</form>
</body>
</html>
答案 2 :(得分:-1)
试试这个:
dbConfig.php
import UIKit
import Material
class RootViewController: UIViewController {
open override func viewDidLoad() {
super.viewDidLoad()
view.backgroundColor = Color.white
prepareToolbar()
handleTopView()
handleBottomView()
}
func handleTopView() {
let topView = UIView()
topView.backgroundColor = UIColor.gray
view.layout(topView).top().horizontally().height(40)
}
func handleBottomView() {
let bottomView = UIView()
bottomView.backgroundColor = UIColor.blue
view.layout(bottomView).bottom().horizontally().height(40)
}
}
extension RootViewController {
fileprivate func prepareToolbar() {
guard let toolbar = toolbarController?.toolbar else {
return
}
toolbar.title = "Material"
toolbar.titleLabel.textColor = .white
toolbar.titleLabel.textAlignment = .left
toolbar.detail = "Build Beautiful Software"
toolbar.detailLabel.textColor = .white
toolbar.detailLabel.textAlignment = .left
}
}
的index.php
<?php
$mysqli = new mysqli('localhost', 'root', 'pwd', 'yr db name');
if($mysqli->connect_error)
{
echo $mysqli->connect_error;
}
?>
答案 3 :(得分:-2)
<!DOCTYPE html>
<?php
$con = new mysqli("localhost","root","","form");
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<script type="text/javascript">
$(document).ready(function(){
//$("form").submit(function(e){
$("#btn1").click(function(e){
e.preventDefault();
// alert('here');
$(".apnew").append('<input type="text" placeholder="Enter youy Name" name="e1[]"/><br>');
});
//}
});
</script>
</head>
<body>
<h2><b>Register Form<b></h2>
<form method="post" enctype="multipart/form-data">
<table>
<tr><td>Name:</td><td><input type="text" placeholder="Enter youy Name" name="e1[]"/>
<div class="apnew"></div><button id="btn1">Add</button></td></tr>
<tr><td>Image:</td><td><input type="file" name="e5[]" multiple="" accept="image/jpeg,image/gif,image/png,image/jpg"/></td></tr>
<tr><td>Address:</td><td><textarea cols="20" rows="4" name="e2"></textarea></td></tr>
<tr><td>Contact:</td><td><div id="textnew"><input type="number" maxlength="10" name="e3"/></div></td></tr>
<tr><td>Gender:</td><td><input type="radio" name="r1" value="Male" checked="checked"/>Male<input type="radio" name="r1" value="feale"/>Female</td></tr>
<tr><td><input id="submit" type="submit" name="t1" value="save" /></td></tr>
</table>
<?php
//echo '<pre>';print_r($_FILES);exit();
if(isset($_POST['t1']))
{
$values = implode(", ", $_POST['e1']);
$imgarryimp=array();
foreach($_FILES["e5"]["tmp_name"] as $key=>$val){
move_uploaded_file($_FILES["e5"]["tmp_name"][$key],"images/".$_FILES["e5"]["name"][$key]);
$fname = $_FILES['e5']['name'][$key];
$imgarryimp[]=$fname;
//echo $fname;
if(strlen($fname)>0)
{
$img = $fname;
}
$d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')";
if($con->query($d)==TRUE)
{
echo "Yoy Data Save Successfully!!!";
}
}
exit;
// echo $values;exit;
//foreach($_POST['e1'] as $row)
//{
$d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')";
if($con->query($d)==TRUE)
{
echo "Yoy Data Save Successfully!!!";
}
//}
//exit;
}
?>
</form>
<table>
<?php
$t="select * from form";
$y=$con->query($t);
foreach ($y as $q);
{
?>
<tr>
<td>Name:<?php echo $q['name'];?></td>
<td>Address:<?php echo $q['address'];?></td>
<td>Contact:<?php echo $q['contact'];?></td>
<td>Gender:<?php echo $q['gender'];?></td>
</tr>
<?php }?>
</table>
</body>
</html>
答案 4 :(得分:-3)
<?php
$username="root";
$password="";
$database="test";
#get the data from form fields
$Id=$_POST['Id'];
$P_name=$_POST['P_name'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$email=$_POST['email'];
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die("unable to select database");
if($_POST['insertrecord']=="insert"){
$query="insert into person values('$Id','$P_name','$address1','$address2','$email')";
echo "inside";
mysql_query($query);
$query1="select * from person";
$result=mysql_query($query1);
$num= mysql_numrows($result);
#echo"<b>output</b>";
print"<table border size=1 >
<tr><th>Id</th>
<th>P_name</th>
<th>address1</th>
<th>address2</th>
<th>email</th>
</tr>";
$i=0;
while($i<$num)
{
$Id=mysql_result($result,$i,"Id");
$P_name=mysql_result($result,$i,"P_name");
$address1=mysql_result($result,$i,"address1");
$address2=mysql_result($result,$i,"address2");
$email=mysql_result($result,$i,"email");
echo"<tr><td>$Id</td>
<td>$P_name</td>
<td>$address1</td>
<td>$address2</td>
<td>$email</td>
</tr>";
$i++;
}
print"</table>";
}
if($_POST['searchdata']=="Search")
{
$P_name=$_POST['name'];
$query="select * from person where P_name='$P_name'";
$result=mysql_query($query);
print"<table border size=1><tr><th>Id</th>
<th>P_name</th>
<th>address1</th>
<th>address2</th>
<th>email</th>
</tr>";
while($row=mysql_fetch_array($result))
{
$Id=$row[Id];
$P_name=$row[P_name];
$address1=$row[address1];
$address2=$row[address2];
$email=$row[email];
echo"<tr><td>$Id</td>
<td>$P_name</td>
<td>$address1</td>
<td>$address2</td>
<td>$email</td>
</tr>";
}
echo"</table>";
}
echo"<a href=lab2.html> Back </a>";
?>
答案 5 :(得分:-4)
单击按钮
if(isset($_POST['save'])){
$sql = "INSERT INTO `members`(`id`, `membership_id`, `email`, `first_name`)
VALUES ('".$_POST["id"]."','".$_POST["membership_id"]."','".$_POST["email"]."','".$_POST["firstname"]."')";
**if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}**
}
这将在变量$ sql
中执行查询 if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}