表单提交后清空数据库记录

时间:2017-03-23 09:50:51

标签: php mysql forms

我正在尝试将表单数据保存到我的数据库中,但我只是空记录。 我尝试了很多解决方案,但我真的不知道这个错误在哪里。我疯了!

这是我的表格:

<head>

<form action="uploadall.php" method="post">
Name: <input type="text" name="name"><br>
Autore: <input type="text" name="author"><br>
Descrizione: <textarea id="editordescription" name="description" cols="45" rows="15">
        </textarea>
        <script>
            CKEDITOR.replace( 'editordescription' );
        </script>
<br>Misure: <input type="text" name="misure"><br>
Data: <input type="text" name="date"><br>
    <input type="hidden" name="status" value="Disattivo" size="20">

<input type="submit">
</form>

这是我保存记录的PHP脚本:

     <?php

     // check if the form has been submitted. If it has, start to process the form and save it to the database
     if (isset($_POST['submit']))
     { 
     // get form data, making sure it is valid
     $name = mysqli_real_escape_string(htmlspecialchars($_POST['name']));
 $author = mysqli_real_escape_string(htmlspecialchars($_POST['author']));
  $description = mysqli_real_escape_string(htmlspecialchars($_POST['description']));
 $misure = mysqli_real_escape_string(htmlspecialchars($_POST['misure']));
 $date = mysqli_real_escape_string(htmlspecialchars($_POST['date']));
  $status = mysqli_real_escape_string(htmlspecialchars($_POST['status']));

     }


    $servername = "xxxxxxx";
    $username = "xxxxxxx";
    $password = "xxxxxxx";
    $dbname = "xxxxxxxxx";

    try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "INSERT INTO exposition (name, author, description, misure, date, status)
    VALUES ('$name', '$author', '$description', '$misure', '$date', '$status')";
    // use exec() because no results are returned
    $conn->exec($sql);
    echo "New record created successfully";
    }
catch(PDOException $e)
    {
    echo $sql . "<br>" . $e->getMessage();
    }

$conn = null;


    ?>

这就是我目前在数据库中获得的内容:

enter image description here

3 个答案:

答案 0 :(得分:3)

首先,你正在使用mysqli_*在某个时刻使用mysql_*混合mysql api,你使用mysql_*他们不会混合。 mysql_real_escape_string()函数已被折旧,后来的php版本不再支持它们。更好地使用mysqli或pdo。此mysqlo_real_escape_string()<input type="text" name="name">不足以阻止您进行sql注入。解决方案很简单,最好先使用mysqli预处理语句或pdo预处理语句。

另一个错误:<input type="text" name="name"> $misure = $_POST['misure'];这两个输入字段具有相同的名称属性,php只会读取一个。并且您将在此处获得未定义的索引ini_set('display_errors', 1); error_reporting(E_ALL);您需要在开发过程中激活错误报告,以便查看错误和通知:

在每个php页面的顶部添加:date

同样date日期是mysql的保留字,因此您最好使用其他名称作为列名或添加反斜杠if (isset($_POST['submit'])) { // get form data, making sure it is valid $name = mysql_real_escape_string(htmlspecialchars($_POST['name'])); $author = mysql_real_escape_string(htmlspecialchars($_POST['author'])); $description = mysql_real_escape_string(htmlspecialchars($_POST['description'])); $misure = mysql_real_escape_string(htmlspecialchars($_POST['misure'])); $date = mysql_real_escape_string(htmlspecialchars($_POST['date'])); $status = mysql_real_escape_string(htmlspecialchars($_POST['status'])); }

  

哦,你的代码永远不会在这里执行:

POST

为什么?因为submit属性名称没有<input type="submit">值。 VALUES ('$name', '$author', '$description', '$misure', '$date', '$status')";看到了吗?您的提交没有名称属性。因此。这意味着

这一切:

<form action="uploadall.php" method="post"> Name: <input type="text" name="name"><br> Autore: <input type="text" name="author"><br> Descrizione: <textarea id="editordescription" name="description" cols="45" rows="15"> </textarea> <script> CKEDITOR.replace( 'editordescription' ); </script> <br>Misure: <input type="text" name="misure"><br> Data: <input type="text" name="date"><br> <input type="hidden" name="status" value="Disattivo" size="20"> <input type="submit" name="submit"> </form> 这些都是未定义的变量。我很惊讶为什么你的服务器没有告诉你,通过错误报告,你可以得到所有这些。

这是你需要做的事情来解决这个问题:

你的HTML方面。

<?php

// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {

    $servername = "xxxxxxx";
    $username   = "xxxxxxx";
    $password   = "xxxxxxx";
    $dbname     = "xxxxxxxxx";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }


    //check your inputs are set and validate,filter and sanitize
    $name        = $_POST['name'];
    $author      = $_POST['author'];
    $description = $_POST['description'];
    $misure      = $_POST['misure'];
    $date        = $_POST['date'];
    $status      = $_POST['status'];



    //prepare and bind
    $sql = $conn->prepare("INSERT INTO exposition (name, author, description, misure, date, status)
VALUES (?,?,?,?,?,?)");
    $sql->bind_param("ssssss", $name, $author, $description, $misure, $date);

    if ($sql->execute()) {

        echo "New record created successfully";

    } else {

        //you have an error
    }

    $conn->close();

}

?>

<强> uploadall.php

<?php

    //connection
    $servername = 'XXXXXXXXXXXXX';
    $dbname     = 'XXXXXXXXXXXXX';
    $username   = 'XXXXXXXXXXXXXX';
    $password   = 'XXXXXXXXX';
    $charset    = 'utf8';

    $dsn = "mysql:host=$servername;dbname=$dbname;charset=$charset";
    $opt = [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES   => false,
            ];


    $dbh = new PDO($dsn, $username, $password, $opt);

// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {




    //check your inputs are set and validate,filter and sanitize
    $name        = $_POST['name'];
    $author      = $_POST['author'];
    $description = $_POST['description'];
    $misure      = $_POST['misure'];
    $date        = $_POST['date'];
    $status      = $_POST['status'];

    //prepare and bind
    $stmt = $dbh->prepare("INSERT INTO exposition (name, author, description, misure, date, status)VALUES (?,?,?,?,?,?)");
    if ($stmt->execute(array($name,$author,$description,$misure,$date,$status))) {

        echo "New Record inserted success";
    }

}

?> 

祝你好运。

更新:

  

我纠正了你告诉我的错误,我现在正在使用PDO,但它仍然存在   没有工作

我从上面的评论中读到了这一点,但你没有告诉我们错误是什么,但我相信它们是我在上面强调的那些。

使用PDO这将是您实现目标的方式:

user_info

答案 1 :(得分:0)

变量名称问题例如      Name: <input name="name"> 并且:     Misure: <input name="name">。这必须是不同的。

同样,<input type="submit">应为<input type="submit" name="submit">。 希望,这会有所帮助。

答案 2 :(得分:-1)

您在INSERT查询中使用的变量超出了从表单中获取数据的第一个if块的范围。如果变量在第一个if块之前初始化它可能有效。像下面..

>>> classifier.most_informative_features(10)
[('turturro', 'positive'),
 ('inhabiting', 'positive'),
 ('conflicted', 'positive'),
 ('taboo', 'positive'),
 ('overacts', 'positive'),
 ('rescued', 'positive'),
 ('stepdaughter', 'positive'),
 ('pup', 'positive'),
 ('apologizing', 'positive'),
 ('inform', 'positive')]

>>> type(classifier.most_informative_features(10)[0][1])
str