PHP / MySQL在数据库中创建空白记录

时间:2016-09-05 19:23:01

标签: php html mysql

我有一个用户输入表单(HTML),它应该获取信息并通过PHP将其插入MySQL数据库。 PHP显然执行并回应"您的注册已成功完成"。在数据库中创建了一条记录,但列是空白的(我已从PHP代码中删除了我的服务器,数据库和密码)。

HTML:

<!DOCTYPE html>


<head>

<link rel="stylesheet" type="text/css" href="css/styles.css">
<title>User Portal</title>

</head>

    <div class="inputContainer">

        <header>
            User Information Portal
        </header>

            <form action="php/userPost.php" method="post">

                <label for=firstName">First Name</label>
                <input type="text" id=firstName" name="fname">

                <br><br>

                <label for="lastName">Last Name</label>
                <input type="text" id="lastName" name="lname">

                <br><br>

                <label for="eMail">Email</label>
                <input type="text" id="eMail" name="email">

                <br><br>

                <label class="labelRole" for="userRole">Role -</label><br>
                <input type="radio" id="userRole" name="role" value="Instructor"> Instructor

                <input class="submitButton" type="submit" name="submit" value="Register">

            </form>

    </div>
    </body>

PHP:

<?php

$sname = "server-name";
$uname = "username";
$pword = "password";
$dbname = "web_tech_test";
$conn = new mysqli($sname, $uname, $pword, $dbname);



if ($conn->connect_error) {
    die("Connection failure: " . $conn->connect_error);
}

$fname = !empty($_POST['firstName']);
$lname = !empty($_POST['lastName']);
$email = !empty($_POST['eMail']);
$role = isset($_POST['userRole']);


$sql = "INSERT INTO users (first_name, last_name, email, role)
VALUES ('$fname', '$lname', '$email', '$role')";

if ($conn->query($sql) === TRUE) {
    echo "Your registration has completed successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();

?>

这会在数据库中创建一条新记录,但所有列都是空白的。任何想法为什么会这样?

2 个答案:

答案 0 :(得分:3)

$fname = !empty($_POST['firstName']);
$lname = !empty($_POST['lastName']);
$email = !empty($_POST['eMail']);
$role = isset($_POST['userRole']);

此代码返回布尔值,而不是字符串值...

使用!empty()仅用于验证

示例 

if(empty($_POST['eMail'])) {
     die("Email cannot be empty");
}

答案 1 :(得分:1)

您在输入上混淆了id和名称标签。 名称标签是作为服务器密钥提交的名称标签。

在提交表单后,在服务器php脚本中尝试此操作,以查看服务器实际接收的键/值:

var_dump($_POST);

另外,如果要检查是否已填写所有字段,请使用类似的内容:

if (empty($_POST['firstName'])) {
    die("firstname is empty!");
}

在您当前的示例中,您实际上是在为变量保存一个布尔值。

最后但并非最不重要的是,永远不要将可能不安全的源(如用户输入)中的变量直接插入到SQL中。使用pdo:http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers来实现此目的

让您入门的完整代码示例:

//prepare your values
if (empty($_POST['fname']) || empty($_POST['lname']|| empty($_POST['email']|| !isset($_POST['role'])) {
    die ("some values were empty or not set");
}

//prepare your database
$db = new PDO('mysql:host=server-name;dbname=web_tech_test;charset=utf8mb4', 'username', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //throw an exception if there is an error

//create your query
$stmt = $db->prepare("INSERT INTO users (first_name, last_name, email, role) VALUES (:first_name,:last_name,:email,:role)"); //create a query statement
$stmt->bindValue(":first_name", $firstName); //put your values into your statement
$stmt->bindValue(":last_name", $lastName);
$stmt->bindValue(":email", $email);
$stmt->bindValue(":role", $role);

if ($stmt->execute()) { //execute the query
    echo "Your registration has completed successfully";
} else {
    echo "Error :(";
}
相关问题
最新问题