我对编程很陌生,而且我正在尝试处理某些事情。这是我从html到php使用的代码。当我在服务器上运行它并放置值时,它只刷新页面。我需要在代码上改变一些东西
连接:
<?php
$servername = "localhost";
$username = "root";
$password = "1234";
$database = "finance_payments";
//connection error
$conn_error = "Could not connect.";
// Create connection
$conn = mysql_connect($servername, $username, $password);
$db_select = mysql_select_db($database);
// Check connection and database selection
if(!mysql_connect($servername, $username, $password) || !mysql_select_db($database)){
die($conn_error);
}
?>
和页面:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Payments Register</title>
<link rel="stylesheet" type="text/css" href="Styles/registration_stylesheet.css">
</head>
<body>
<?php
//include/require the database connection file
require 'Includes/dbconnect.php';
//checking if fields are set
if(isset($_POST['S_No']) && isset($_POST['Date']) && isset($_POST['Payee']) && isset($_POST['Details']) && isset($_POST['Branch_or_Dept']) && isset($_POST['Amount']) && isset($_POST['Invoice_No'])){
//creating variables
$S_No = $_POST['S_No'];
$Date = $_POST['Date'];
$Payee = $_POST['Payee'];
$Details = $_POST['Details'];
$Branch_or_Dept = $_POST['Branch_or_Dept'];
$Amount = $_POST['Amount'];
$Inovice_No = $_POST['Invoice_No'];
//checking if variables are not empty
if(!empty($S_No) && !empty($Date) && !empty($Payee) && !empty($Details) && !empty($Branch_or_Dept) && !empty($Amount) && !empty($Inovice_No)){
//if they are not empty
//insert into database
//to escape html injection - mysql_real_escape_string
$query = "INSERT INTO payments_miscellaneous (S_No, Date, Payee, Details, Branch_or_Dept, Amount, Invoice_No) VALUES ('".mysql_real_escape_string($S_No)."', '".mysql_real_escape_string($Date)."', '".mysql_real_escape_string($Payee)."','".mysql_real_escape_string($Details)."','".mysql_real_escape_string($Branch_or_Dept)."','".mysql_real_escape_strin g($Amount)."','".mysql_real_escape_string($Inovice_No)."')";
if($query_run = mysql_query($query)){
//direct to success page
header('Location: finance_records/register_success.php');
}else//if query fails{
echo "Record not inserted, please try again later.";
}
}else{//if they are empty
echo "All fields are required.";
}
?>
<header class="body">
<h2><i><u>Payments Registration Form</u></i></h2>
</header>
<section class = "body">
<form method="post" action="miscellaneous.php">
<label>S.No</label>
<input name = "S_No" placeholder = "Enter number">
<label>Date</label>
<input name = "Date" placeholder = "Enter date">
<label>Payee</label>
<input name = "Payee" placeholder = "Enter name of payee">
<label>Details</label>
<input name = "Details" placeholder = "Enter details of payment">
<label>Branch/Dept</label>
<input name = "Branch_or_Dept" placeholder = "Enter branch/dept of payee">
<label>Amount</label>
<input name = "Amount" placeholder = "Enter amount in ZMW or USD">
<label>Invoice No</label>
<input name = "Inovice_No" placeholder = "Enter invoice number">
<input id="submit" name="submit" type="submit" value="Enter">
</form>
<p>
<a HREF="index.php">Go back to homepage</a>
</p>
答案 0 :(得分:0)
date是mysql中的keyword。所以你必须转义列Name:
$query = "INSERT INTO payments_miscellaneous (S_No, `Date`, Payee, Details, Branch_or_Dept, Amount, Invoice_No) VALUES ('".mysql_real_escape_string($S_No)."', '".mysql_real_escape_string($Date)."', '".mysql_real_escape_string($Payee)."','".mysql_real_escape_string($Details)."','".mysql_real_escape_string($Branch_or_Dept)."','".mysql_real_escape_strin g($Amount)."','".mysql_real_escape_string($Inovice_No)."')";
提示1:使用已弃用的mysql_* API停止。使用mysqli_´or PDO`代替准备好的语句来防止SQL注入。
提示2:运行SQL命令后检查错误。
答案 1 :(得分:0)
嗨使用mysqli代替mysql,因为mysql是depreciated。如果代码未在mysqli error中插入记录,也会打印database。所以添加
print_r(mysqli_error($con)); in else part to `print error`
dbconnect.php
$con=mysqli_connect($servername ,$username,$password , $database);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
miscellaneous.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Payments Register</title>
<link rel="stylesheet" type="text/css" href="Styles/registration_stylesheet.css">
</head>
<body>
<?php
//include/require the database connection file
require 'Includes/dbconnect.php';
//checking if fields are set
if(isset($_POST['S_No']) && isset($_POST['Date']) && isset($_POST['Payee']) && isset($_POST['Details']) && isset($_POST['Branch_or_Dept']) && isset($_POST['Amount']) && isset($_POST['Invoice_No'])){
//creating variables
$S_No = $_POST['S_No'];
$Date = $_POST['Date'];
$Payee = $_POST['Payee'];
$Details = $_POST['Details'];
$Branch_or_Dept = $_POST['Branch_or_Dept'];
$Amount = $_POST['Amount'];
$Inovice_No = $_POST['Invoice_No'];
//checking if variables are not empty
if(!empty($S_No) && !empty($Date) && !empty($Payee) && !empty($Details) && !empty($Branch_or_Dept) && !empty($Amount) && !empty($Inovice_No)){
//to escape html injection - mysql_real_escape_string
$query = "INSERT INTO payments_miscellaneous (S_No, Date, Payee, Details, Branch_or_Dept, Amount, Invoice_No) VALUES ('".mysql_real_escape_string($S_No)."', '".mysql_real_escape_string($Date)."', '".mysql_real_escape_string($Payee)."','".mysql_real_escape_string($Details)."','".mysql_real_escape_string($Branch_or_Dept)."','".mysql_real_escape_strin g($Amount)."','".mysql_real_escape_string($Inovice_No)."')";
// echo $query;die; print it and see it is right
if($query_run = mysqli_query($con,$query)){
//direct to success page
header('Location: finance_records/register_success.php');
}else//if query fails{
echo "Record not inserted, please try again later.";
print_r(mysqli_error($con));// add this to print your sql error
}
}else{//if they are empty
echo "All fields are required.";
}
?>
// your form ...