用户输入如何插入数据库

时间:2019-05-16 08:11:26

标签: php html

我想知道您是否可以帮助我: 我需要将网站的用户输入连接到我的数据库。 我有以下文件:index.php,submitsleep.php和template.php

这是Submitsleep.php 

<?php
  include('template.php');

  $hoursofsleep = $_POST['hoursofsleep'];
  $daytimenaps = $_POST['daytimenaps'];
  $bedtime = $_POST['bedtime'];
  $getuptime = $_POST['getuptime'];

  $sql = "INSERT INTO sleep4project (hoursofsleep, daytimenaps, bedtime, 
  getuptime) VALUES ('$hoursofsleep', '$daytimenaps', '$bedtime', 
                     '$getuptime');";mysqli_query($conn, $sql);

  header('Location:index.php');
?>

这是我的模板文件,包含在我的用户输入代码所在的index.php中。

<?php
  session_name('Website');
  session_start();
  $host = "localhost";
  $user = "grace18";
  $pwd = ""; // my password
  $db = "grace18_db"; 
  $mysqli = new mysqli($host, $user, $pwd, $db);
  $navigation = <<<END
  <nav>

    END;

  if (isset($_SESSION['userId']))
  {
    $navigation .= <<<END

    END;
  }
  $navigation .= '</nav>';
?>

在我的index.php中,我有:

<!-- Nav Item - Sleep Collapse Menu -->
<li class="nav-item">
  <a class="nav-link collapsed" href="#" data-toggle="collapse" data-target="#collapseSleep" aria-expanded="true" aria-controls="collapseSleep">
    <i class="fas fa-bed"></i>
    <span>Sleep</span>
  </a>
  <div id="collapseSleep" class="collapse" aria-labelledby="headingSleep" data-parent="#accordionSidebar">
    <div class="bg-white py-2 collapse-inner rounded">
      <form action="submitsleep.php" method="post">
        <label for="exampleFormControlInput1">Hours of sleep:</label>
        <div class="form-group">
          <input type="text" class="form-control" name="hoursofsleep" id="exampleFormControlInput1" placeholder="Hours of sleep" value="">
        </div>
        <label for="exampleFormControlInput1">Daytime naps:</label>
        <div class="form-group">
          <input type="text" class="form-control" name="daytimenaps" id="exampleFormControlInput1" placeholder="Daytime naps" value="">
        </div>
        <label for="exampleFormControlInput1">Bed time:</label>
        <div class="form-group">
          <input type="text" class="form-control" name="bedtime" id="exampleFormControlInput1" placeholder="Bed time" value="">
        </div>
        <label for="exampleFormControlInput1">Get up time:</label>
        <div class="form-group">
          <input type="text" class="form-control" name="getuptime" id="exampleFormControlInput1" placeholder="Get up time" value="">
        </div>
        <button type="submit" class="submit_button">Submit</button>
      </form>
    </div>
  </div>
</li>

问题是用户输入没有添加到数据库的我的表sleep4project中。你知道出什么事了吗?

1 个答案:

答案 0 :(得分:1)

您的代码容易受到SQLIA的攻击,而mysqli允许您编写准备好的语句。因此,出于安全原因,请在需要将用户输入存储到数据库的地方使用分隔语句。

首先,您需要检查您的连接是否不正常

// check validation
if(empty($_POST['hoursofsleep']) || empty($_POST['daytimenaps']) || empty($_POST['bedtime']) || empty($_POST['getuptime'])) {
    die('all data required');
}
// create new connection
$mysqli = new mysqli($host, $user, $pwd, $db);
if($mysqli->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

现在在插入侧

 try {
    $stmt = $mysqli->prepare("INSERT INTO sleep4project (hoursofsleep, daytimenaps, bedtime, getuptime) VALUES (?, ?, ?, ?)");
    // I consider all are string you can change as per your neeed
    $stmt->bind_param("ssss", $hoursofsleep, $daytimenaps, $bedtime, $getuptime);

    // now set the value of you binding varables
    $hoursofsleep = $_POST['hoursofsleep'];
    $daytimenaps = $_POST['daytimenaps'];
    $bedtime = $_POST['bedtime'];
    $getuptime = $_POST['getuptime'];

    //Now execute your query by
    $stmt->execute();
} catch(Exception $ex) {
    var_dump($ex);
}
相关问题
最新问题