表单数据不会进入我的数据库

时间:2017-09-29 09:02:31

标签: php

我有两段代码似乎无法解决错误。 搜索这个网站,我看到很多其他人有同样的问题。使用一些给定的答案,我用我给出的代码塑造了我的代码,但无济于事。 测试我的表单,传递的所有变量(在php文件中使用“echo”) 我的表单看起来像这样:         

    <div style="position: absolute; left: 10px; top: 290px; z-index: 6;">
      <form name="offerings" action="Offer_done.php"  method="POST">
      <table>
      <tr>
       <td align="right">First Name:</td>
       <td align="left"><input type="text" name="fname" required vspace="4" 
         /></td>
       </tr>
       <tr>
       <td align="right">Last Name:</td>
       <td align="left"><input type="text" name="lname" required vspace="4" 
         /></td>
       </tr>
       <tr>
       <td align="right">Email:</td>
       <td align="left"><input type="text" name="email"  required vspace="4" 
         /></td>
       </tr>
       <tr>
       <td align="right">Choose Your Card:</td>
       <td><input list="card_type" name="card_type" required /></td>
           <datalist id="card_type">
              <option value="American Express">
              <option value="Cirrus">
              <option value="Diners Club">
              <option value="Discover">
              <option value="MasterCard">
              <option value="Visa">
           </datalist>
       </tr>
       <tr>
       <td align="right">Credit Card Num:</td>
       <td align="left"><input type="text" name="c_number" required 
            SIZE="16" MAXLENGTH="16" vspace="4" /></td>
       </tr>
       <tr>
       <td align="right">CV Code:</td>
       <td align="left"><input type="text" name="cv_code" required SIZE="4" 
           MAXLENGTH="4" vspace="4" /></td>
       </tr>
       <tr>
       <td align="right">Offering Amt($):</td>
       <td align="left">$<input type="number" name="amount" value="1" 
           min="0" step="1.00" data-number-to-fixed="2" data-number-
           stepfactor="100" class="currency" id="c1" name="money" required 
           SIZE="7" MAXLENGTH="7" vspace="4" />
       </tr>
       <tr>
       <td align="right"><INPUT TYPE="submit" VALUE="Submit Your Offering">
       </td>

       <td><input action="action" onclick="window.history.go(-1); return 
           false;" type="button" value="Cancel - Back To Index Page" /></td>
       </tr>

   </table>
  </form>

  </div>
  <!- - - - - - - - - - - - - - - - - - End Form- - - - - - - - - - - - - - 
   - - - - - - - ->

我要处理和发送的php文件如下所示:

    <?php

    $conn = mysqli_connect("localhost", "root", "xuncle", "offerings");
    if(!$conn) {
        die("connection failed: " .mysqli_connect_error());
    }

        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $email = $_POST['email'];
        $card_type = $_POST['card_type'];
        $c_number = $_POST['c_number'];
        $cv_code = $_POST['cv_code'];
        $amount = $_POST['amount'];




    $mysqli_query = "INSERT INTO givers (fname, lname, email, card_type, 
    c_number, cv_code, amount) 
    VALUES ($fname, $lname, $email, $card_type, $c_number, $cv_code, 
    $amount)";

    $result = mysqli_query($conn,$sql);

    header("Location: index.html"); 


    ?>

有人可以让我回到正轨吗?

2 个答案:

答案 0 :(得分:1)

此行中有一个拼写错误$result = mysqli_query($conn,$sql);您需要将其更改为$result = mysqli_query($conn,$mysqli_query);,如@Akintunde所述。

我建议你使用prepared statements。这些是由数据库服务器与任何参数分开发送和解析的SQL语句。 查看How can I prevent SQL injection in PHP?

<?php
if(isset($_POST)){

  $conn = mysqli_connect("localhost", "root", "xuncle", "offerings");
  if (!$conn) {
    die("connection failed: " . mysqli_connect_error());
  }

  $result = mysqli_prepare($conn, "INSERT INTO `givers` (`fname`, `lname`, `email`, `card_type`, `c_number`, `cv_code`, `amount`) VALUES (?, ?, ?, ?, ?, ?, ?)");
  mysqli_stmt_bind_param($result, "ssssssd", $_POST['fname'],$_POST['lname'],$_POST['email'],$_POST['card_type'],$_POST['c_number'],$_POST['cv_code'],$_POST['amount']);
  mysqli_stmt_execute($result);

  header("Location: index.html");
}
?>

答案 1 :(得分:0)

在上面的代码中,您在执行查询时访问了错误的变量。此外,您的代码风险很大,因此您需要开始使用预准备语句,因为您使用的API支持它。这有助于防止SQL注入。

您的最终代码是:

$conn = new mysqli("localhost", "root", "xuncle", "offerings");
    if(!$conn) {
        die("connection failed: " .$conn->connect_error);
    }

    $stmt = $conn->prepare("INSERT INTO givers (fname, lname, email, card_type, c_number, cv_code, amount) VALUES (?, ?, ?, ?, ?, ?, ?)");//prepare the statement
    $stmt->bind_param("sssssss", $fname, $lname, $email, $card_type, $c_number, $cv_code, $amount);//bind placeholders to variables
    if($stmt->execute() === true){//everything went fine
    header("Location: index.html");
        //echo 'Data saved successfully';
    } else {
        echo 'Error. Data not saved. '.$conn->error;//get error
    }