表单不向数据库发送数据

时间:2018-02-13 08:32:31

标签: php html

我收集来自时事通讯的访客邮件的表单不是向我的数据库发送信息,而只是添加索引加起来没有数据的空格 这是我的HTML代码

<form action="php/newsletter.php" method="post" >
    <div class="input-group">
        <input class="form-control" type="text" id="email"  name="email" placeholder="E-mail ... ">
            <span class="input-group-btn">
                <button class="btn btn-primary subscribe" type="button" value="insert"><i class="pe-7s-paper-plane pe-2x"></i></button>
            </span>
     </div>
     <!-- /input-group -->
</form>

这是php 

<?php
$servername = "localhost";
$username = "pridedri_news";
$password = "BBIT/7949/1/1630";
$database = "pridedri_NEWSLETTER";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$database", $username, $password);
    
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    
    $sql = "INSERT INTO subscribers (email)
    VALUES ('$email')";
    
    // use exec() because no results are returned
    $conn->exec($sql);
    
    echo "Request sent successfully";
     
    } catch(PDOException $e) {    
    echo "Connection failed: " . $e->getMessage();
    }
    
    
//$conn = null; 

?>

<Doctype! html>
<body>

    <a href="http://pridedrivetours.co.ke/">Back</>
</body>

</html>

我的错误可能在哪里?

2 个答案:

答案 0 :(得分:0)

您尚未在PHP脚本中定义$email。此外,您应该为使用用户输入的查询使用预准备语句,以防止SQL注入(http://bobby-tables.com) - &gt;这有点重要,请阅读SQL注入。它是PHP网站最大的安全问题之一,它允许第三人在几秒钟内删除整个数据库。

此外,要访问从表单发布的数据,您始终可以访问$_POST数组,而键["email"]是输入的名称。

试试这段代码:

<?php
$servername = "localhost";
$username = "pridedri_news";
$password = "BBIT/7949/1/1630";
$database = "pridedri_NEWSLETTER";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$database", $username, $password);

    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sql = $conn->prepare("INSERT INTO subscribers (email) VALUES (:email)");
    $sql->bindParam(':email', $_POST["email"]);

    // even exec() returnes true or false!!!!
    if($conn->exec($sql)) {     
        echo "Request sent successfully";
    }

    } catch(PDOException $e) {    
    echo "Connection failed: " . $e->getMessage();
    }


//$conn = null; 

?>

<Doctype! html>
<body>

<a href="http://pridedrivetours.co.ke/">Back</>
</body>

</html>

答案 1 :(得分:0)

在mysql查询中使用它之前声明$ email 

$email = $_REQUEST['email'];

我希望它对你有用

相关问题
最新问题