我正在尝试学习一些html / php。我创建了一个表单,我想将信息提交给MYSQL数据库。我创建了数据库并创建了表单等。我遇到的问题是,在提交表单时,它会向表格提交空白信息。如果我将变量替换为发布到数据库的“123”,那么似乎不会将索引中的信息拉到表单中。无法解决为什么发布空白信息,任何建议?我的索引页是:
<html>
<head>
<style type="text/css">
.sms_image
{
text-align: right-side;
}
</style>
<script src="//www.powr.io/powr.js" external-type="html"></script>
<div class="powr-hit-counter" id="b6cbafa4_1487845849" align="right-side" </div>
<p class="sms_image"><img src="http://images.knowledge- action.co.uk/sites/default/files/sms_logo_short_0.jpg" height="100" width="170"> </img><br></p>
<title> Simply Mail Solutions </title>
</head>
<body background="https://media.licdn.com/media/AAEAAQAAAAAAAAYCAAAAJDQ1YTQ0MTNlLWI2MD ItNGYxOS05MjMxLWFmOTZhNjgyMjNhMA.png">
<font color="white">Welcome to a random test page</font>
<br>
<br>
<form action="yourform-processor.php" name="FirstAttempt" method="POST" enctype="text/plain">
<font face="impact" color="white">Client ID:</font>
<input type="text" name="client_id" ><br>
<br>
<font face="impact"color="white">Domain:</font>
<input type="text" name="domain"><br>
<br>
<font face="impact" color="white">Comments:</font>
<input type="textarea" name="comment" style="width: 568px; height: 273px"> <br>
<br>
<input type="submit" value="Send">
<input type="reset" value="Reset">
<br>
<br>
</form>
<footer>
<p>Posted by: Dylan Cunliffe</p>
</footer>
</body>
</html>"
我发布到数据库的PHP表单是:
<?php
$servername = "localhost";
$username = "Dylanc";
$password = "xxx";
$dbname = "FirstAttempt";
$errors = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//first validate user input
if (empty($_POST['client_id'])) {
echo "enter client id";
$errors++;
} else {
$client_id = $_POST["client_id"];
}
if (empty($_POST['domain'])) {
echo "enter domain";
$errors++;
} else {
$domain = $_POST["domain"];
}
if (empty($_POST['comment'])) {
echo "enter comment";
$errors++;
} else {
$comment = $_POST["comment"];
}
if ($errors <= 0) {
//fields are not empty save to db
$sql = $conn->prepare("INSERT INTO FirstAttempt (client_id,domain,comment) VALUES(?,?,?) ");
$sql->bind_param("ssss", $client_id, $domain, $comment);
if ($sql->execute()) {
echo "New record created successfully";
} else {
//report bacck the error
}
}
$conn->close();
?>
任何建议都将不胜感激。
答案 0 :(得分:0)
最好和简单的清洁解决方案使用mysqli准备的声明,或使用pdo预处理语句。
MYSQLI准备:
<?php
$servername = "localhost";
$username = "Dylanc";
$password = "xxxx";
$dbname = "FirstAttempt";
$errors = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//first validate user input
if (empty($_POST['client_id'])) {
echo "enter client id";
$errors++;
} else {
$client_id = $_POST["client_id"];
}
if (empty($_POST['domain'])) {
echo "enter domain";
$errors++;
} else {
$domain = $_POST["domain"];
}
if (empty($_POST['comment'])) {
echo "enter comment";
$errors++;
} else {
$comment = $_POST["comment"];
}
if ($errors <= 0) {
//fields are not empty save to db
$sql = $conn->prepare("INSERT INTO FirstAttempt (client_id,domain,comment) VALUES(?,?,?) ");
$sql->bind_param("ssss", $client_id, $domain, $comment);
if ($sql->execute()) {
echo "New record created successfully";
} else {
//report bacck the error
}
}
$conn->close();
?>
<?php
$servername = "localhost";
$username = "Dylanc";
$password = "xxxx";
$dbname = "FirstAttempt";
$charset = 'utf8';
$dsn = "mysql:host=$servername;dbname=$dbname;charset=$charset";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$conn = new PDO($dsn, $username, $password, $opt);
//first validate user input
//first validate user input
if (empty($_POST['client_id'])) {
echo "enter client id";
$errors++;
} else {
$client_id = $_POST["client_id"];
}
if (empty($_POST['domain'])) {
echo "enter domain";
$errors++;
} else {
$domain = $_POST["domain"];
}
if (empty($_POST['comment'])) {
echo "enter comment";
$errors++;
} else {
$comment = $_POST["comment"];
}
if ($errors <= 0) {
$stmt = $conn->prepare("INSERT INTO FirstAttempt(client_id, domain, comment) VALUES(?,?,?)");
if ($stmt->execute(array(
$client_id,
$domain,
$comment
))) {
echo "New record created successfully";
} else {
// error in your code.
}
}
?>
注意:如果我们想要从外部源(如用户输入)插入任何数据,那么清理数据非常重要 验证
更新:
<form action="yourform-processor.php" name="FirstAttempt" method="POST">
<font face="impact" color="white">Client ID:</font>
<input type="text" name="client_id" ><br>
<br>
<font face="impact"color="white">Domain:</font>
<input type="text" name="domain"><br>
<br>
<font face="impact" color="white">Comments:</font>
<input type="textarea" name="comment" style="width: 568px; height: 273px"> <br>
<br>
<input type="submit" value="Send" name="submit">
<input type="reset" value="Reset">
<br>
<br>
</form>
<强> yourform-processor.php
<?php
$servername = "localhost";
$username = "Dylanc";
$password = "xxx";
$dbname = "FirstAttempt";
$errors = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_POST['submit'])) {
//first validate user input
if (empty($_POST['client_id'])) {
echo "enter client id";
$errors++;
} else {
$client_id = $_POST['client_id'];
}
if (empty($_POST['domain'])) {
echo "enter domain";
$errors++;
} else {
$domain = $_POST['domain'];
}
if (empty($_POST['comment'])) {
echo "enter comment";
$errors++;
} else {
$comment = $_POST['comment'];
}
if ($errors <= 0) {
//fields are not empty save to db
$sql = $conn->prepare("INSERT INTO FirstAttempt (client_id,domain,comment) VALUES(?,?,?) ");
$sql->bind_param("ssss", $client_id, $domain, $comment);
if ($sql->execute()) {
echo "New record created successfully";
} else {
//report bacck the error
}
}
$conn->close();
}
?>