我是php的初学者。代码似乎是正确的,但是当我尝试将表单中的数据插入数据库时,它不会进入数据库。我的代码出了什么问题?
这是我的代码
addemployee.php
echo '<form action="addemployee.php" method="POST">';
echo '<table align ="center">';
echo '<tr><td>First Name: </td> <td><input type="text" name="first" pattern="[A-Za-z]{1,}" title="A-Z only" required></td> </tr>';
echo '<tr><td>Middle Initial: </td><td><input type="text" name="middle"></td></tr>';
echo '<tr><td>Last Name:</td><td> <input type="text" name="last"></td></tr>';
echo '<tr><td>Contact Number:</td><td> <input type="tel" name="contact" maxlength="11"></td></tr>';
echo '<tr> <td>Province: </td><td> <input type="text" name="provincee"></td></tr>';
echo '<tr> <td>City: </td><td> <input type="text" name="cityy"></td></tr>';
echo '<tr> <td>Username:</td><td> <input type="email" name="usernamee"></td></tr>';
echo '<tr><td>Password:</td><td> <input type="password" name="pass"></td></tr>';
echo '</table>';
echo '<br> <input type="Submit" name="submitt">';
if(isset($_POST['submitt'])){
$firstname=$_POST['first'];
$middleinitial=$_POST['middle'];
$lastname=$_POST['last'];
$contactnumber=$_POST['contact'];
$province= $_POST['provincee'];
$city =$_POST['cityy'];
$username=$_POST['usernamee'];
$password=$_POST['pass'];
$type= 'employee';
$query=("INSERT INTO usertbl (fname,middeinitial,lname,contactnum,province,city,username,password,type) VALUES ('$firstname','$middleinitial','$lastname','$contactnumber','$province',
'$city','$username','$password','$type')");
mysqli_query($db, $query);
}
echo '</form>';
答案 0 :(得分:1)
请检查更改: -
addemployee.php
<!-- use html form not php generated form -->
<form action="addemployee.php" method="POST">
<table align ="center">
<tr><td>First Name: </td> <td><input type="text" name="first" pattern="[A-Za-z]{1,}" title="A-Z only" required></td> </tr>
<tr><td>Middle Initial: </td><td><input type="text" name="middle"></td></tr>
<tr><td>Last Name:</td><td> <input type="text" name="last"></td></tr>
<tr><td>Contact Number:</td><td> <input type="tel" name="contact" maxlength="11"></td></tr>
<tr> <td>Province: </td><td> <input type="text" name="provincee"></td></tr>
<tr> <td>City: </td><td> <input type="text" name="cityy"></td></tr>
<tr> <td>Username:</td><td> <input type="email" name="usernamee"></td></tr>
<tr><td>Password:</td><td> <input type="password" name="pass"></td></tr>
</table>
<br>
<input type="Submit" name="submitt">
</form>
<?php
error_reporting(E_ALL); // check all type of error
ini_set('display_errors',1); // display those errors
if(isset($_POST['submitt'])){
$firstname=$_POST['first'];
$middleinitial=$_POST['middle'];
$lastname=$_POST['last'];
$contactnumber=$_POST['contact'];
$province= $_POST['provincee'];
$city =$_POST['cityy'];
$username=$_POST['usernamee'];
$password=$_POST['pass'];
$type= 'employee';
$db = mysqli_connect ('hostname','username','password','dbname') or die(mysqli_connect_error()); // provide your details here
$query=("INSERT INTO usertbl (fname,middeinitial,lname,contactnum,province,city,username,password,type) VALUES ('$firstname','$middleinitial','$lastname','$contactnumber','$province',
'$city','$username','$password','$type')");
if(mysqli_query($db, $query)){
echo "Inserted successfully";
}else{
echo "error:-".mysqli_error($db);
}
}
?>
注意: - 您的代码向SQLInjection开放。请阅读prepared statements或mysqli_*的{{1}}并使用它们。