我在我正在处理的网站上有一个表单,需要将信息提交到MySQL数据库。我主要是一名网页设计师,PHP对我来说有点新鲜。我已将此PHP代码编写为HTML表单的操作,如下所示:
<?php
//only process if $_POST isn't empty
if ( ! empty( $_POST ) ){
//connect to mysql
$mysqli = new mysqli( 'localhost', 'user', 'pass', 'dbname' );
//check connection
if ( $mysqli->connect_error ) {
die( 'Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}
//insert data
$sql = ("
INSERT INTO `table` (`ID`, `u_fname`, `u_lname`, `u_email`)
VALUES (NULL, '{$mysqli->real_escape_string($_POST['u_fname'])}', '{$mysqli->real_escape_string($_POST['u_lname'])}', {$mysqli->real_escape_string($_POST['u_email'])}')");
$insert = $mysqli->query($sql);
//print response from sql
if ( $insert ) {
echo "Success! Row ID: {$mysqli->insert_id}";
}
else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
//close connection
$mysqli->close();
}
?>
相关的HTML表单在这里:
<div class="form-container">
<form action="signupform.php" method="post" class="isubmit" name="signup" onsubmit="swal({
type: 'success',
title: 'Thanks!',
showConfirmButton: false,
timer: 1500
})">
<input required type="text" name="u_fname" class="first-name" placeholder="First Name">
<input required type="text" name="u_lname" class="last-name" placeholder="Last Name">
<input required type="text" name="u_email" class="email" placeholder="Email">
<button class="isubmit submit-text" type="submit">submit</button>
</form>
</div>
HTML和PHP文件是分开的,但在同一目录中。我知道PHP需要更安全以避免注入,但这不是我的问题。问题是,当按下提交按钮时,PHP不会将条目发送到我的数据库。数据库保持不变,我需要的是当用户点击HTML表单上的提交按钮时,表单字段中的信息填充数据库表。任何有关我的代码的帮助或更好的方法的建议将不胜感激。
答案 0 :(得分:2)
从查询中的字符串中删除mysqli_real_escape_string,并将变量设置为等于您的post值。您的'id'也需要从插入中删除,因为数据库中的ID应该是自动增量。在错误验证和准备语句中添加,以帮助防止sql注入。
//insert data
<?php
if(!empty($_POST)) {
if(isset($_POST['submit'])){
//connect to mysql
$mysqli = mysqli_connect( 'localhost', 'user', 'pass', 'dbname' );
//check connection
if (!$mysqli) {
die( 'Connect Error: ' . mysqli_error());
}
$u_fname = mysqli_real_escape_string($mysqli, $_POST['u_fname']);
$u_lname = mysqli_real_escape_string($mysqli, $_POST['u_lname']);
$u_email = mysqli_real_escape_string($mysqli, $_POST['u_email']);
//VALIDATION ARRAY
$error = [
"u_fname"=> '',
"u_lname"=> '',
"u_email"=> ''
];
if($u_fname == '') {
$error['u_fname'] = "Please Enter Your First Name";
}
if($u_lname == '') {
$error['u_fname'] = "Please Enter Your Last Name";
}
if($u_email == '') {
$error['u_fname'] = "Please Enter Your Email";
}
else {
//IF NO ERRORS INSERT DATA
$stmt = mysqli_prepare($mysqli, "INSERT INTO `table` (`u_fname`, `u_lname`, `u_email`) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sss', $u_fname, $u_lname, $u_email);
mysqli_stmt_execute($stmt);
//print response from sql
if ($stmt ) {
echo "Success!";
}
else {
die("Error" . mysqli_error());
}
//close connection
mysqli_close($mysqli);
}
}
}
?>
表格
<div class="form-container">
<form action="signupform.php" method="post" class="isubmit" name="signup">
<input required type="text" name="u_fname" class="first-name" placeholder="First Name">
<span><?php echo isset($error['u_fname']) ? $error['u_fname'] : ''?></span>
<input required type="text" name="u_lname" class="last-name" placeholder="Last Name">
<span><?php echo isset($error['u_lname']) ? $error['u_lname'] : ''?></span>
<input required type="text" name="u_email" class="email" placeholder="Email">
<span><?php echo isset($error['u_email']) ? $error['u_email'] : ''?></span>
<button class="isubmit submit-text" type="submit" name="submit">submit</button>
</form>
</div>