PHP将空的Form值发送到Server

时间:2016-06-07 00:45:49

标签: php html mysql php-5.6

此服务器确认PHP连接,但表单中输入的值不会仅存储为空表行。

PHP代码:

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Aliens Abducted Me - Report an Abduction</title>
</head>
<body>
  <h2>Aliens Abducted Me - Report an Abduction</h2>

<?php


  $name = $_POST'firstname';
  $last_name =$_POST'lastname';
  $when_it_happened = $_POST'whenithappened';
  $how_long = $_POST'howlong';
  $how_many = $_POST'howmany';
  $alien_description = $_POST'aliendescription';
  $what_they_did = $_POST'whattheydid';
  $fang_spotted = $_POST'fangspotted';
  $email = $_POST'email';
  $other = $_POST'other';

  $dbc = mysqli_connect('localhost', 'root', 'Password', 'aliendatabase')
    or die('Error Connecting to MySQL server');

  $query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
    "how_many, alien_description, what_they_did, fang_spotted, other, email) " .
    "VALUES ('$first_name, '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
    "'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

  $result = mysqli_query($dbc, $query)
    or die('Error Querying Database');

  mysqli_close($dbc); 

  echo 'Thanks for submitting the form.<br />';
  echo 'You were abducted ' . $when_it_happened;
  echo ' and were gone for ' . $how_long . '<br />';
  echo 'Number of aliens: ' . $how_many . '<br />';
  echo 'Describe them: ' . $alien_description . '<br />';
  echo 'The aliens did this: ' . $what_they_did . '<br />';
  echo 'Was Fang there? ' . $fang_spotted . '<br />';
  echo 'Other comments: ' . $other . '<br />';
  echo 'Your email address is ' . $email;

?>

</body>
</html>

这是表格/ HTML代码

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Aliens Abducted Me - Report an Abduction</title>
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
  <h2>Aliens Abducted Me - Report an Abduction</h2>

  <p>Share your story of alien abduction:</p>
  <form method="post" action="report.php">
    <label for="firstname">First name:</label>
    <input type="text" id="firstname" name="firstname" /><br />
    <label for="lastname">Last name:</label>
    <input type="text" id="lastname" name="lastname" /><br />
    <label for="email">What is your email address?</label>
    <input type="text" id="email" name="email" /><br />
    <label for="whenithappened">When did it happen?</label>
    <input type="text" id="whenithappened" name="whenithappened" /><br />
    <label for="howlong">How long were you gone?</label>
    <input type="text" id="howlong" name="howlong" /><br />
    <label for="howmany">How many did you see?</label>
    <input type="text" id="howmany" name="howmany" /><br />
    <label for="aliendescription">Describe them:</label>
    <input type="text" id="aliendescription" name="aliendescription" size="32" /><br />
    <label for="whattheydid">What did they do to you?</label>
    <input type="text" id="whattheydid" name="whattheydid" size="32" /><br />
    <label for="fangspotted">Have you seen my dog Fang?</label>
    Yes <input id="fangspotted" name="fangspotted" type="radio" value="yes" />
    No <input id="fangspotted" name="fangspotted" type="radio" value="no" /><br />
    <img src="fang.jpg" width="100" height="175"
      alt="My abducted dog Fang." /><br />
    <label for="other">Anything else you want to add?</label>
    <textarea id="other" name="other"></textarea><br />
    <input type="submit" value="Report Abduction" name="submit" />
  </form>
</body>
</html>

代码直接来自一本书。 php v5.6.22和最新的Apache和MySQL。 任何人都可以告诉我可能出错的地方或我做错了什么

1 个答案:

答案 0 :(得分:4)

看到这个=&gt; $_POST'firstname';和所有其他POST数组?

他们缺少方括号[]

因此,将其更改为$_POST['firstname'];并对所有其他人也执行相同操作。

错误报告可以帮助您,就像阅读表格手册一样。

另外,您应该对数据库中的所有POST阵列使用条件!empty()

如果数据库中的任何一个都为空,如果您的数据库不接受NULL值,则可能会触发错误。

您的('$first_name,也缺少引号并在查询中连接。

这需要重写:

$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, 
    how_many, alien_description, what_they_did, fang_spotted, other, email) 
    VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', 
    '$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

脚注:

您目前的代码向SQL injection开放。使用prepared statementsPDOprepared statements