使用php将值插入数据库

时间:2017-05-26 14:43:54

标签: php html

我正在使用php和mysql数据库,我想从两个输入类型中获取值并将它们插入到数据库中,当按钮保存单击时运行代码没有显示错误但它不保存在数据库中这里是码。 (注意id是自动增量,admin表包含三列id,username,password) addAdmin.php:

<?php include("connect.php");?>
<div class="col-md-12">
<!-- Add admin -->
<div class="box box-info">
  <div class="box-header with-border">
    <h3 class="box-title">Add admin</h3>
  </div>
  <!-- /.box-header -->
  <!-- form start -->
  <form id="adminForm" class="form-horizontal" action="" method = "get">
    <div class="box-body">

        <div class="form-group">
        <label for="inputName" class="col-sm-2 control-label">User 
  name</label>

        <div class="col-sm-10">
          <input type="text" class="form-control" id="inputName" 
           placeholder="user name" name="username" required >
        </div>
      </div>

      <div class="form-group">
        <label for="inputPassword3" class="col-sm-2 control-
  label">Password</label>

        <div class="col-sm-10">
          <input type="password" class="form-control" id="inputPassword3" 
  placeholder="Password" name="password" required>
        </div>

      </div>





    </div>
    <!-- /.box-body -->
    <div class="box-footer">
        <input  type = "submit" class="btn btn-info pull-right save" name = 
     "submit" value = "save">
      <?php 
      if(isset($_POST["submit"])) {
          $name = $_GET['username'];
          $password = $_GET['password'];


          $insertNewAdmin = "INSERT INTO `admin` VALUES 
          ('$name','$password')";
          mysql_query($insertNewAdmin);

      }
      ?>
    </div>
    <!-- /.box-footer -->
  </form>
</div>
<!-- /.box -->
</div>

1 个答案:

答案 0 :(得分:3)

请允许我使用推荐的行业标准为您重新编写完整的代码。首先,在将表单数据发送到数据库时,尤其是当它包含密码时,您永远不应该使用get方法$_GET

你正在使用的

mysql_* api已经折旧了,因为我在大学读第二年,我已经毕业,有3年的工作经验,因为它被折旧了;)并且在php 7上完全删除了。因此,您应mysqli_*使用PDOv5.5.0 md5,请参阅:Why shouldn't I use mysql_* functions in PHP?

然后你的代码的另一个问题是存在sql inections的风险,正如@Jay Blanchard上面所述,你可以按照他的阻止来了解更多关于他&#39;说:http://jayblanchard.net/demystifying_php_pdo.html

所以为了解决Jay在上面强调的内容,我们使用了一个名为p repared statements的东西:它可以防止SQL注入。

然后我们在现代也不存储密码在纯文本或password_verify()这些天我们使用password_hash()和(userNameColumnName,passwordColumnName)来存储数据库中的密码哈希并检查存储的密码用户输入密码:

在我的代码中,您将看到:"INSERT INTO userNameColumnName是表中您将存储用户名和密码的列.ColumnName是您的表中的列,您将在其中存储密码并确保字符长度至少为60 chars或更好的255。

您不能插入像VALUES ('$name','$password') admin // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } 这样的值,除非您的表格中只有两个字段,因为我猜您不应该至少有3个字段。 的 connect.php 

<?php include("connect.php");

    $errors=false;

if(isset($_POST['submit'])){

    $fields = array("username","password");
    foreach($fields as $fieldname){
        if(!isset($_POST[$fieldname]) && empty($_POST[$fieldname])){

            echo "enter username and password";
            $errors = true;
        }
    }

    if(!$errors){

        $username = $_POST['username'];
        $password = $_POST['password'];

        $hash = password_hash($password);

        $sql = "INSERT INTO admin (userNameColumnName,passwordColumnName) VALUES(?,?)";

        $stmt = $conn->prepare($sql);
        $stmt->bind_param("ss",$username,$hash);
        if($stmt->execute()){

            echo "user added";
        }else{

            echo "error adding user";
            error_log("error".$conn->error); // go and check your error log what was the error
        }
    }

}

?>
<div class="col-md-12">
    <!-- Add admin -->
    <div class="box box-info">
        <div class="box-header with-border">
            <h3 class="box-title">Add admin</h3>
        </div>
        <!-- /.box-header -->
        <!-- form start -->
        <form id="adminForm" class="form-horizontal" action="" method = "POST">
            <div class="box-body">
                <div class="form-group">
                    <label for="inputName" class="col-sm-2 control-label">User 
                    name</label>
                    <div class="col-sm-10">
                        <input type="text" class="form-control" id="inputName" 
                            placeholder="user name" name="username" required >
                    </div>
                </div>
                <div class="form-group">
                    <label for="inputPassword3" class="col-sm-2 control-
                        label">Password</label>
                    <div class="col-sm-10">
                        <input type="password" class="form-control" id="inputPassword3" 
                            placeholder="Password" name="password" required>
                    </div>
                </div>
            </div>
            <!-- /.box-body -->
            <div class="box-footer">
                <input  type = "submit" class="btn btn-info pull-right save" name = "submit" value = "save">
            </div>
            <!-- /.box-footer -->
        </form>
    </div>
    <!-- /.box -->
</div>

然后是另一页

<system.serviceModel>
    <bindings>
        <basicHttpsBinding>
            <binding name="BasicHttpsBinding_Ipenergydata">
                <security mode="Transport"/>
            </binding>
        </basicHttpsBinding>
    </bindings>
    <client>
        <endpoint address="https://wcfservices.myefaactweb.com/penergydata/penergydata.svc" binding="basicHttpsBinding" bindingConfiguration="BasicHttpsBinding_Ipenergydata" contract="penergydata.Ipenergydata" name="BasicHttpsBinding_Ipenergydata"/>
    </client>
</system.serviceModel>
相关问题
最新问题