<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() ) {
$emp_name = addslashes ($_POST['emp_name']);
$emp_address = addslashes ($_POST['emp_address']);
}else {
$emp_name = $_POST['emp_name'];
$emp_address = $_POST['emp_address'];
}
$emp_salary = $_POST['emp_salary'];
$sql = "insert into employee(emp_name,emp_address, emp_salary)values('$emp_name','$emp_address','$emp_salary')";
mysqli_select_db($conn,"test_db");
$retval = mysqli_query($conn,$sql);
if(!$retval) {
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border = "0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">Employee Name</td>
<td><input name = "emp_name" type = "text"
id = "emp_name"></td>
</tr>
<tr>
<td width = "100">Employee Address</td>
<td><input name = "emp_address" type = "text"
id = "emp_address"></td>
</tr>
<tr>
<td width = "100">Employee Salary</td>
<td><input name = "emp_salary" type = "text"
id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "add" type = "submit" id = "add"
value = "Add Employee">
</td>
</tr>
</table>
</form>
<?php
}
?>
当我尝试输入值并在此时按下提交按钮时,我没有收到任何错误,但我无法在数据库中输入值。 问题是我得到的文字是&#34;无法输入数据:表&#39;员工&#39;是只读的#34;。有人可以帮我解决这个问题吗?
我在wamp服务器中创建了数据库(test_db)和table(employee)。
答案 0 :(得分:1)
我确定您未授权用户在您的表格中输入数据 请编辑schema_name,并在DB上执行查询:
GRANT ALL ON TABLE schema_name.employee TO root;
您也可以在没有架构的情况下尝试: GRANT ALL ON TABLE employee to root;
答案 1 :(得分:1)
你的问题解决了。尽管如此,我强烈建议您使用Prepared Statements,否则您的代码将打开SQL注入和可能的引用问题。
你正在混合mysql和mysqli。停下来。既然你正在使用mysqli, 利用准备好的语句和bind_param,否则你就是 打开SQL注入和可能的引用问题。 - @ aynber
<强> 更改
die('Could not connect: ' . mysql_error());更改为die('Could not connect: ' . mysqli_connect_error()); mysql_close($conn);更改为mysqli_close($conn); action = "<?php $_PHP_SELF ?>"更改为action = "<?php echo $_SERVER['PHP_SELF']; ?>" 更新代码
<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$db = "test_db";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $db);
if(! $conn ) {
die('Could not connect: ' . mysqli_connect_error());
}
$stmt = mysqli_prepare($conn, "INSERT INTO employee(emp_name,emp_address, emp_salary) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sss', $_POST['emp_name'], $_POST['emp_address'], $_POST['emp_salary']);
if(!mysqli_stmt_execute($stmt)) {
die('Could not enter data: ' . mysqli_error($conn));
}
echo "Entered data successfully\n";
mysqli_close($conn);
} else {
?>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
<table width = "400" border = "0" cellspacing = "1" cellpadding = "2">
<tr>
<td width = "100">Employee Name</td>
<td><input name = "emp_name" type = "text" id = "emp_name"></td>
</tr>
<tr>
<td width = "100">Employee Address</td>
<td><input name = "emp_address" type = "text" id = "emp_address"></td>
</tr>
<tr>
<td width = "100">Employee Salary</td>
<td><input name = "emp_salary" type = "text" id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td><input name = "add" type = "submit" id = "add" value = "Add Employee"></td>
</tr>
</table>
</form>
<?php
}
?>
快速查看