值未插入SQL数据库中

时间:2016-08-02 17:41:47

标签: php mysql sql-server database

我无法弄清楚为什么这个PHP文件中的值没有插入到我的SQL数据库中。代码几乎与我用于不同表的工作PHP文件相同。代码如下:

    <?php
mysql_connect("xxx","xxx","xxx");
mysql_select_db("andrew_history");
$Name=$_POST['Name'];
$Year=$_POST['Year'];
$Press=$_POST['Press'];
$Description = $_POST['Description'];
$Title = $_POST['Title'];


$dbLink = mysql_connect("xxxx", "xxxx", "xxxxxx");
    mysql_query("SET character_set_client=utf8", $dbLink);
    mysql_query("SET character_set_connection=utf8", $dbLink);

if($submit)
{
    if($Name&&$Year&&$Press&&$Description&&$Title)
    {
        $insert=mysql_query("INSERT INTO historytable (Name,Year,Press,Description,Title) VALUES ('$Name','$Year','$Press', '$Description', '$Title') ");
        echo "<meta HTTP-EQUIV='REFRESH' content='0; url=history.php'>";
    }
    else
    {
        echo "please fill out all fields";
     }
}
?>
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <title>History</title>
 </head>

 <body>
 <center>
 <form action="history.php" method="POST">
 <table>
 <tr><td>Name: <input type="text" name="Name"/></td></tr>
 <tr><td>Year: <input type="text" name="Year"/></td></tr>
 <tr><td>Press: <input type="text" name="Press"/></td></tr>
 <tr><td>Title: <input type="text" name="Title"/></td></tr>
 <tr><td colspan="2">Description: </td></tr>
 <tr><td colspan="5"><textarea name="Description" rows="10" cols="50"></textarea></td></tr>
 <tr><td colspan="2"><input type="submit" name="submit" value="Description"></td></tr>
</table>
</form>

<?php
 $dbLink = mysql_connect("xxxx", "xxxx", "xxxxx");
    mysql_query("SET character_set_results=utf8", $dbLink);
    mb_language('uni');
    mb_internal_encoding('UTF-8');


$getquery=mysql_query('SELECT * FROM historytable ORDER BY id DESC');


 while($rows=mysql_fetch_assoc($getquery))
    {
        $id=$rows['id'];
        $Name=$rows['Name'];
        $Year=$rows['Year'];
        $Press=$rows['Press'];
        $Description=$rows['Description'];
        $Title=$rows['Title'];
        echo $Name . $Year . '<br/>' . '<br/>' . $Press . '<br/>' . '<br/>' . $Description . $Title;
    }
?>

</body>
</html>

链接到网站:http://aswanson.net/Work/history.php

2 个答案:

答案 0 :(得分:1)

我会通过向所有MySQL调用添加错误检查来开始调试它,以便在失败时打印相应的消息。确保包含mysql_error()返回的消息。一旦您使用适当的诊断工具进行检测,问题就会变得明显。

那说,两个音符:

  • mysql_ API已弃用,您应该使用mysqli_或PDO,除非这是遗留代码。
  • 确保正确转义用户输入以避免SQL注入攻击。由于您公开发布了网站的网址以及易受攻击的代码,因此此问题尤其重要。恶意个人现在确切地知道他需要做什么才能对您的服务器运行任意MySQL查询。

答案 1 :(得分:0)

if($ submit)这里是错误的。你还没有设置任何$ submit变量。请检查下面的代码。

<?php
mysql_connect("xxx","xxxx","xxxx");
mysql_select_db("andrew_history");
$Name=$_POST['Name'];
$Year=$_POST['Year'];
$Press=$_POST['Press'];
$Description = $_POST['Description'];
$Title = $_POST['Title'];

$dbLink = mysql_connect("xxxx", "xxxx", "xxxx");
mysql_query("SET character_set_client=utf8", $dbLink);
mysql_query("SET character_set_connection=utf8", $dbLink);

if(isset($_POST['submit']))
{
   if(!empty($Name) && !empty($Year) && !empty($Press) && !empty($Description) && !empty($Title))
  {
    $insert=mysql_query("INSERT INTO historytable (Name,Year,Press,Description,Title) VALUES ('$Name','$Year','$Press', '$Description', '$Title') ");
    echo "<meta HTTP-EQUIV='REFRESH' content='0; url=history.php'>";
}
else
{
    echo "please fill out all fields";
}
}
?>
相关问题
最新问题