我使用Bootstrap模式创建了一个表单,通过PHP建立了数据库连接以及简单的表单验证。当我填写表单并点击提交时,它似乎连接到数据库,没有形式错误回来。它声明:" -1行受到影响。感谢您的RSVP"但是当我查看PHPMyAdmin时,我的数据库中没有输入任何值。
以下是我的PHP:
<?php
//check if form is submitted and not a hack/bot. Checks to see if form is submitte by the post method then runs fxn.
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//grab all values that come from form in these variables. Each line below grabs info typed/selected in each form input. The value in square brackets is the name value of each input. Keep the $variables different from input names.
$rsvpvar = $_POST['rsvpBox'];
$fullnamevar = $_POST['fullName'];
$emailvar = $_POST['emailBox'];
$attendvar = $_POST['attend'];
$guestsvar = $_POST['extraGuests'];
$commentsvar = $_POST['additionals'];
//If fxn checks to see if all above variables have values stored in them using !empty fxn and if not if runs the echo. Use !empty (not empty) and not isset because isset will allow db connection even if some form values are blank. If there is a value stored in all form inputs then we incude this php or run the connetion to database.
if(!empty($rsvpvar) && !empty($fullnamevar) && !empty($emailvar) && !empty($attendvar) && !empty($guestsvar) && !empty($commentsvar)){
//Define the below vaiables within parenthesis.
$hostname = "rsvp.db";
$username = "******";
$password = "******";
$dbname = "rsvp";
//Connection to mysql database. OR die drops connection to database for security reasons. Connect error gives message.
$dbc = mysqli_connect($hostname, $username, $password, $dbname) OR die("Could not connect to database, ERROR: ".mysqli_connect_error());
//Set encoding
mysqli_set_charset($dbc, "utf8");
//insert into table "rsvp" by getting or querying values stored in $dbc variable (db info). You insert into the corresponding rows of the db table (i.e. RSVP), then you grab what you're inserting using the VALUES. What you're inserting comes from the above variables.
mysqli_query($dbc, "INSERT INTO rsvp(RSVP, FULLNAME, EMAIL, ATTEND, GUESTS, COMMENTS) VALUES('$rsvpvar', '$fullnamevar', '$emailvar', '$attendvar', $guestsvar', '$commentsvar')");
//define variable $registered which checks database to make sure values were inserted and rows were affected then outputs how many rows affected. Make sure the $dbc or connection info is inside parenthesis.
$registered = mysqli_affected_rows($dbc);
echo $registered." rows are affected. Thank you for your RSVP";
}else{
echo "ERROR: You did not fill out each section";
}
}else{
echo "Please fill out everything on the RSVP form";
}
&GT;
和我的HTML:
<!-- Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
<h2 class="modal-title" id="myModalLabel">RSVP</h2>
</div>
<form role="form" method="post" action="php/rsvp.php">
<div class="modal-body">
<div class="form-inline row response">
<div class="col-sm-12">
<h2>Ya Comin'?</h2>
<div class="radio-inline">
<label class="control-label">
<input type="radio" name="rsvpBox" id="attending" value="option1">
I'll be there with bells on!
</label>
</div>
<div class="radio-inline">
<label class="control-label">
<input type="radio" name="rsvpBox" id="notAttending" value="option2">
Sorry, wish I was cooler...
</label>
</div>
</div>
</div>
<hr>
<div class="deets row">
<div class="col-sm-12">
<h2>Your Deets</h2>
<div class="form-group col-lg-6">
<label class="control-label" for="fullName">Full Name</label>
<input type="text" name="fullName" class="form-control" id="fullName" placeholder="FULL NAME">
</div>
<div class="form-group col-lg-6">
<label class="control-label" for="email">Email</label>
<input type="email" name="emailBox" class="form-control" id="emailBox" placeholder="EMAIL@EXAMPLE.COM">
</div>
</div>
</div>
<hr>
<div class="row days">
<div class="col-sm-12">
<h2>Days Attending</h2>
<div class="checkbox">
<label class="control-label">
<input type="checkbox" name="attend" value="option1">
Friday: Rehersal Dinner & Beach Party
</label>
</div>
<div class="checkbox">
<label class="control-label">
<input type="checkbox" name="attend" value="option2">
Saturday: Wedding & Reception
</label>
</div>
</div>
</div>
<hr>
<div class="guests row">
<div class="col-sm-12">
<h2>Number of Additional Guests</h2>
<select id="extraGuests" name="extraGuests" class="form-control">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
</select>
</div>
</div>
<div class="extras row">
<div class="col-sm-12">
<h2>Anything Else?</h2>
<h4>Main Course Served Will be Chicken</h4>
<div class="form">
<div class="form-group">
<label class="control-label" for="message"></label>
<textarea name="additionals" id="additionals" class="form-control" rows="3" placeholder="Food specifications, allergies, guest names, etc..."></textarea>
</div>
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<button type="submit" name="submit" id="submit" value="send" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
</div>
</div>
请帮忙,因为我不是数据库方面的专家......
答案 0 :(得分:1)
您的所有POST
变量是:
$rsvpvar = $_POST['attending'];
$emailvar = $_POST['emailBox'];
$fullnamevar = $_POST['fullName'];
$attend1var = $_POST['friday'];
$attend2var = $_POST['saturday'];
$guestsvar = $_POST['extraGuests'];
$commentsvar = $_POST['additionals'];
所以,应该是条件:
if(!empty($rsvpvar) && !empty($emailvar) && !empty($fullnamevar) && !empty($attend1var) && !empty($attend2var) && !empty($guestsvar) && !empty($commentsvar)){
请在2个无线电输入栏中使用相同名称:
<input type="radio" name="attending" id="attending" value="option1" checked>.
<input type="radio" name="attending" id="notAttending" value="option2">
注意:您的代码对SQL Injection开放。