此服务器确认PHP连接,但表单中输入的值不会仅存储为空表行。
PHP代码:
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Aliens Abducted Me - Report an Abduction</title>
</head>
<body>
<h2>Aliens Abducted Me - Report an Abduction</h2>
<?php
$name = $_POST'firstname';
$last_name =$_POST'lastname';
$when_it_happened = $_POST'whenithappened';
$how_long = $_POST'howlong';
$how_many = $_POST'howmany';
$alien_description = $_POST'aliendescription';
$what_they_did = $_POST'whattheydid';
$fang_spotted = $_POST'fangspotted';
$email = $_POST'email';
$other = $_POST'other';
$dbc = mysqli_connect('localhost', 'root', 'Password', 'aliendatabase')
or die('Error Connecting to MySQL server');
$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
"how_many, alien_description, what_they_did, fang_spotted, other, email) " .
"VALUES ('$first_name, '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
"'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";
$result = mysqli_query($dbc, $query)
or die('Error Querying Database');
mysqli_close($dbc);
echo 'Thanks for submitting the form.<br />';
echo 'You were abducted ' . $when_it_happened;
echo ' and were gone for ' . $how_long . '<br />';
echo 'Number of aliens: ' . $how_many . '<br />';
echo 'Describe them: ' . $alien_description . '<br />';
echo 'The aliens did this: ' . $what_they_did . '<br />';
echo 'Was Fang there? ' . $fang_spotted . '<br />';
echo 'Other comments: ' . $other . '<br />';
echo 'Your email address is ' . $email;
?>
</body>
</html>
这是表格/ HTML代码
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Aliens Abducted Me - Report an Abduction</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<h2>Aliens Abducted Me - Report an Abduction</h2>
<p>Share your story of alien abduction:</p>
<form method="post" action="report.php">
<label for="firstname">First name:</label>
<input type="text" id="firstname" name="firstname" /><br />
<label for="lastname">Last name:</label>
<input type="text" id="lastname" name="lastname" /><br />
<label for="email">What is your email address?</label>
<input type="text" id="email" name="email" /><br />
<label for="whenithappened">When did it happen?</label>
<input type="text" id="whenithappened" name="whenithappened" /><br />
<label for="howlong">How long were you gone?</label>
<input type="text" id="howlong" name="howlong" /><br />
<label for="howmany">How many did you see?</label>
<input type="text" id="howmany" name="howmany" /><br />
<label for="aliendescription">Describe them:</label>
<input type="text" id="aliendescription" name="aliendescription" size="32" /><br />
<label for="whattheydid">What did they do to you?</label>
<input type="text" id="whattheydid" name="whattheydid" size="32" /><br />
<label for="fangspotted">Have you seen my dog Fang?</label>
Yes <input id="fangspotted" name="fangspotted" type="radio" value="yes" />
No <input id="fangspotted" name="fangspotted" type="radio" value="no" /><br />
<img src="fang.jpg" width="100" height="175"
alt="My abducted dog Fang." /><br />
<label for="other">Anything else you want to add?</label>
<textarea id="other" name="other"></textarea><br />
<input type="submit" value="Report Abduction" name="submit" />
</form>
</body>
</html>
代码直接来自一本书。 php v5.6.22和最新的Apache和MySQL。 任何人都可以告诉我可能出错的地方或我做错了什么
答案 0 :(得分:4)
看到这个=&gt; $_POST'firstname';
和所有其他POST数组?
他们缺少方括号[]
。
因此,将其更改为$_POST['firstname'];
并对所有其他人也执行相同操作。
错误报告可以帮助您,就像阅读表格手册一样。
另外,您应该对数据库中的所有POST阵列使用条件!empty()
。
如果数据库中的任何一个都为空,如果您的数据库不接受NULL值,则可能会触发错误。
您的('$first_name,
也缺少引号并在查询中连接。
这需要重写:
$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long,
how_many, alien_description, what_they_did, fang_spotted, other, email)
VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many',
'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";
脚注:
您目前的代码向SQL injection开放。使用prepared statements或PDO与prepared statements。