我正在尝试将表单数据保存到我的数据库中,但我只是空记录。 我尝试了很多解决方案,但我真的不知道这个错误在哪里。我疯了!
这是我的表格:
<head>
<form action="uploadall.php" method="post">
Name: <input type="text" name="name"><br>
Autore: <input type="text" name="author"><br>
Descrizione: <textarea id="editordescription" name="description" cols="45" rows="15">
</textarea>
<script>
CKEDITOR.replace( 'editordescription' );
</script>
<br>Misure: <input type="text" name="misure"><br>
Data: <input type="text" name="date"><br>
<input type="hidden" name="status" value="Disattivo" size="20">
<input type="submit">
</form>
这是我保存记录的PHP脚本:
<?php
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$name = mysqli_real_escape_string(htmlspecialchars($_POST['name']));
$author = mysqli_real_escape_string(htmlspecialchars($_POST['author']));
$description = mysqli_real_escape_string(htmlspecialchars($_POST['description']));
$misure = mysqli_real_escape_string(htmlspecialchars($_POST['misure']));
$date = mysqli_real_escape_string(htmlspecialchars($_POST['date']));
$status = mysqli_real_escape_string(htmlspecialchars($_POST['status']));
}
$servername = "xxxxxxx";
$username = "xxxxxxx";
$password = "xxxxxxx";
$dbname = "xxxxxxxxx";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO exposition (name, author, description, misure, date, status)
VALUES ('$name', '$author', '$description', '$misure', '$date', '$status')";
// use exec() because no results are returned
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
这就是我目前在数据库中获得的内容:
答案 0 :(得分:3)
首先,你正在使用mysqli_*
在某个时刻使用mysql_*
混合mysql api,你使用mysql_*
他们不会混合。 mysql_real_escape_string()
函数已被折旧,后来的php版本不再支持它们。更好地使用mysqli或pdo。此mysqlo_real_escape_string()
或<input type="text" name="name">
不足以阻止您进行sql注入。解决方案很简单,最好先使用mysqli预处理语句或pdo预处理语句。
另一个错误:<input type="text" name="name">
$misure = $_POST['misure'];
这两个输入字段具有相同的名称属性,php只会读取一个。并且您将在此处获得未定义的索引ini_set('display_errors', 1);
error_reporting(E_ALL);
您需要在开发过程中激活错误报告,以便查看错误和通知:
在每个php页面的顶部添加:date
同样date
日期是mysql的保留字,因此您最好使用其他名称作为列名或添加反斜杠if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
$author = mysql_real_escape_string(htmlspecialchars($_POST['author']));
$description = mysql_real_escape_string(htmlspecialchars($_POST['description']));
$misure = mysql_real_escape_string(htmlspecialchars($_POST['misure']));
$date = mysql_real_escape_string(htmlspecialchars($_POST['date']));
$status = mysql_real_escape_string(htmlspecialchars($_POST['status']));
}
哦,你的代码永远不会在这里执行:
POST
为什么?因为submit
属性名称没有<input type="submit">
值。 VALUES ('$name', '$author', '$description', '$misure', '$date', '$status')";
看到了吗?您的提交没有名称属性。因此。这意味着
这一切:
<form action="uploadall.php" method="post">
Name: <input type="text" name="name"><br>
Autore: <input type="text" name="author"><br>
Descrizione: <textarea id="editordescription" name="description" cols="45" rows="15">
</textarea>
<script>
CKEDITOR.replace( 'editordescription' );
</script>
<br>Misure: <input type="text" name="misure"><br>
Data: <input type="text" name="date"><br>
<input type="hidden" name="status" value="Disattivo" size="20">
<input type="submit" name="submit">
</form>
这些都是未定义的变量。我很惊讶为什么你的服务器没有告诉你,通过错误报告,你可以得到所有这些。
这是你需要做的事情来解决这个问题:
你的HTML方面。
<?php
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {
$servername = "xxxxxxx";
$username = "xxxxxxx";
$password = "xxxxxxx";
$dbname = "xxxxxxxxx";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//check your inputs are set and validate,filter and sanitize
$name = $_POST['name'];
$author = $_POST['author'];
$description = $_POST['description'];
$misure = $_POST['misure'];
$date = $_POST['date'];
$status = $_POST['status'];
//prepare and bind
$sql = $conn->prepare("INSERT INTO exposition (name, author, description, misure, date, status)
VALUES (?,?,?,?,?,?)");
$sql->bind_param("ssssss", $name, $author, $description, $misure, $date);
if ($sql->execute()) {
echo "New record created successfully";
} else {
//you have an error
}
$conn->close();
}
?>
<强> uploadall.php 强>
<?php
//connection
$servername = 'XXXXXXXXXXXXX';
$dbname = 'XXXXXXXXXXXXX';
$username = 'XXXXXXXXXXXXXX';
$password = 'XXXXXXXXX';
$charset = 'utf8';
$dsn = "mysql:host=$servername;dbname=$dbname;charset=$charset";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$dbh = new PDO($dsn, $username, $password, $opt);
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {
//check your inputs are set and validate,filter and sanitize
$name = $_POST['name'];
$author = $_POST['author'];
$description = $_POST['description'];
$misure = $_POST['misure'];
$date = $_POST['date'];
$status = $_POST['status'];
//prepare and bind
$stmt = $dbh->prepare("INSERT INTO exposition (name, author, description, misure, date, status)VALUES (?,?,?,?,?,?)");
if ($stmt->execute(array($name,$author,$description,$misure,$date,$status))) {
echo "New Record inserted success";
}
}
?>
祝你好运。
更新:
我纠正了你告诉我的错误,我现在正在使用PDO,但它仍然存在 没有工作
我从上面的评论中读到了这一点,但你没有告诉我们错误是什么,但我相信它们是我在上面强调的那些。
使用PDO这将是您实现目标的方式:
user_info
答案 1 :(得分:0)
变量名称问题例如
Name: <input name="name">
并且:
Misure: <input name="name">
。这必须是不同的。
同样,<input type="submit">
应为<input type="submit" name="submit">
。
希望,这会有所帮助。
答案 2 :(得分:-1)
您在INSERT查询中使用的变量超出了从表单中获取数据的第一个if块的范围。如果变量在第一个if块之前初始化它可能有效。像下面..
>>> classifier.most_informative_features(10)
[('turturro', 'positive'),
('inhabiting', 'positive'),
('conflicted', 'positive'),
('taboo', 'positive'),
('overacts', 'positive'),
('rescued', 'positive'),
('stepdaughter', 'positive'),
('pup', 'positive'),
('apologizing', 'positive'),
('inform', 'positive')]
>>> type(classifier.most_informative_features(10)[0][1])
str