如何用户输入php

时间:2017-09-17 03:58:30

标签: php html mysql

我正在制作一个活动管理系统。我不知道什么是错的,我点击submit button后不断重新加载。

这是我的HTML代码

<?php 
session_start(); 

if (!isset($_SESSION['username'])) {
    $_SESSION['msg'] = "You must log in first";
    header('location: login.php');
}

if (isset($_GET['logout'])) {
    session_destroy();
    unset($_SESSION['username']);
    header("location: login.php");
}

<div class="header">
    <h2>Create Event</h2>
</div>

<form method="post" action="create_event.php">
    <div class="input-group">
        <label>Event Title</label>
        <input type="text" name="event_title" >
    </div>
    <div class="input-group">
    <label>Pick Location</label>
        <select name="location">
            <option>Alabang</option>
            <option>South City</option>
            <option>Batangas</option>
            <option>Cavite</option>
            <option>Laguna</option>
        </select>
    <div class="input-group">
    <label>Address</label>
    <textarea rows="4" cols="50" name="address"></textarea>
    </div>
    <div class="date">
    <label>Pick date and time</label>
    <input type="date" name="date"></br>
    <input type="time" name="time">
    </div>
    <div class="event_info">
        <label>Event Information</label>
        <textarea rows="4" cols="50" name="event_info"></textarea>
    </div>
    <div class="input-group">
        <button type="submit" class="btn" name="create_event">Create Event</button>
    </div>
</form>

PHP代码:

    // Create Event
if (isset($_POST['create_event'])) {
    // receive all input values from the form
    $event_title = mysql_real_escape_string($_POST['event_title']);
    $location = mysql_real_escape_string($_POST['location']);
    $address = mysql_real_escape_string($_POST['address']);
    $date = mysql_real_escape_string($_POST['date']);
    $time = mysql_real_escape_string($_POST['time']);
    $event_info = mysql_real_escape_string($_POST['event_info']);
    $query="select * from `event` where event_title='$_POST[event_title]' or time='$_POST[time]' or date='$_POST[date]'";
    $result=mysql_query($query);
    $count=mysql_num_rows($result);
    if($count>0)
        {
            array_push($errors, "Already used");
        }


    // form validation: ensure that the form is correctly filled
    if (empty($event_title)) { array_push($errors, "Please input title"); }
    if (empty($location)) { array_push($errors, "Location is required"); }
    if (empty($address)) { array_push($errors, "Location is required"); }
    if (empty($time)) { array_push($errors, "Time is required"); }
    if (empty($date)) { array_push($errors, "Date is required"); }
    if (empty($event_info)) { array_push($errors, "Date is required"); }


    // register user if there are no errors in the form
    if (count($errors) == 0) {
        $query = "INSERT INTO `event` (event_title,location,address,time,date,event_info) VALUES ('$event_title', '$location','$address','$time','$date','$event_info')";
$result = mysql_query($query);
echo("success");
    }

}

我认为没有任何错误,因为如果我点击submit button,则不会弹出任何错误。它只是重新加载但没有数据发送到我的数据库。

1 个答案:

答案 0 :(得分:1)

在表单中修改您的提交按钮:

  <input  type = "submit"  name = "create_event" value="create event"/>

同样在行动中使用$_SERVER['PHP_SELF']变量。像这样......

     <form action ="<?php echo 
      htmlspecialchars($_SERVER['PHP_SELF']); 
      ?>" method = "post">

在数据库查询中请使用PDO语句,方便安全。并且在使用之前还要清理用户输入。