Question

我正在设置我的预订Web应用程序并支持UTF-8。

我已经在运行PHP 7和MySQL以及Apache2。在过去，我尝试过做注册表单和登录表单，而在做我的保留表单时，似乎最终发送回显“失败”。

我正在使用面向对象的方法

这是我的bookingtest.php

<?php
$php_variable = 'string';
// connection
include ('config.php');
ob_start();  
// if button register pressed
if(isset($_POST['book']))
{
$fname = $_POST['fname'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$country = $_POST['country'];
$swimming = $_POST['swimming'];
$date = $_POST['date'];
$numbercus= $_POST['numbercus'];
$suits= $_POST['suits'];
$certificate = $_POST['certificate'];
$guide= $_POST['guide'];


//inserting php form to mysql
$sql_book = "INSERT INTO booking (fname, email, phone, country, swim, 
date, num, suits, cert, guide)
VALUES ('$fname', '$email', '$phone', '$country', $swimming, '$date', 
'$numbercus', '$suits', '$certificate', '$guide')";
//result
if ($result_book = $conn->query($sql_book))
{

    sleep(1);
    echo "success";

}
else
{
    echo "Failed ! Please check your details !";


}

}
?>

这是我的bookinfo.php

<!DOCTYPE html>
<html>
<!-- header -->
<head>

<title>BOOKING INFORMATION | E-Diving</title>
<link href="https://fonts.googleapis.com/css? 
family=Bungee+Outline&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css? 
family=Archivo+Narrow&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css? 
family=Patua+One&display=swap" rel="stylesheet">
</head>

<body>
<!-- top bars -->
<ul>
    <li><a href="homepage.php">HOME</a></li>
    <li><a href="">ABOUT</a></li>

</ul>
<h1>BOOKING INFORMATION</h1>

<!-- reservation form -->
<form class="field" method="post" action="booktest.php">
    <fieldset>
        <legend>Personal Details: </legend>
        <br>
        Name: <input type="text" name="fname"  placeholder="Full Name">
        <br>
        <br>
        Email: <input type="text" name="email" 
        placeholder="example@example.com">
        <br>
        <br>
        Phone:<input type="tel" name="phone" placeholder="012-3456789">
        <br>
        <br>
        <p>Country: <select name="country" required>
                <option name="country">MALAYSIA</option>
                <option name="country">UNITED STATES</option>
                <option name="country">UNITED KINGDOM</option>
            </select> </p>
        <br>
        <p>Do you know Swimming ?</p>
        <input type="radio" name="swimming">YES
        <br>
        <br>
        <input type="radio"  name="swimming">NO
        <br>
        <br>
        Choose your Date: <input  type="date" name="date" min="2019-01- 
        01">
        <br>
        <br>
        No. Customers: <input type="number" name="numbercus" min="1" 
        max="100">
        <br>
        <br>
        <p>Do you have swimming suits?</p>
        <input type="radio"  name="suits">YES<br><br>
        <input type="radio"  name="suits">NO
        <br>
        <br>
        <p>Level of Certificate :</p>
        <input type="radio" name="certificate">Recretional Scuba Diving 
        Certification Levels.<br>
        <br>
        <input type="radio" name="certificate">Professional Scuba Diving 
        Certification Levels.
        <br>
        <br>
        <p>Do you need a guide?</p>
        <input type="radio" name="guide">YES<br><br>
        <input type="radio" name="guide">NO
        <br>
        <br>


        </fieldset>
        <br>
        <br>

    <input type="submit" name="book" value="Continue...">
    </form>
    </body>

    <!-- style -->
    <style>
    h1 {
    font-family: 'Bungee Outline', cursive;
    text-align: center;
    margin-top: 20px;
    font-size: 70px;
    color: #3A506B;
    }

    body {
    height: 110vh;
    margin: 0;
    padding: 0;
    font-family: 'Product', sans-serif;
    background-image: linear-gradient(120deg, #6B7FD7, #BCEDF6, #EAF8BF, 
    #99DDC8, #F9CFF2, #A9FBD7);
    }

    .field p {
    font-size: 19px;
    }

    .field input[type="radio"],
    .field input[type="text"],
    .field input[type="number"],
    .field input[type="date"] {
     font-size: 14px;}

    fieldset {
    background-color: #A4BAB7;
    font-weight: bold;
    font-family: 'Archivo Narrow', sans-serif;
    color: #533E2D;
    font-style: oblique;
    font-size: 19px;
    border-radius: 20px;
    : 16px;}

.field {
    margin-right: 10px;}

legend {
    text-decoration: underline;
    text-align: center;
    font-size: 21px;
    font-family: 'Patua One', cursive;
}

.field input[type="submit"] {
    border: 0;
    background: #4C243B;
    display: block;
    margin: 20px auto;
    text-align: center;
    border: 3px solid #07FEDE;
    padding: 14px 60px;
    width: 200px;
    outline: none;
    color: white;
    border-radius: 25px;
    transition: 0.6s;
    cursor: pointer;
    color: cornflowerblue;
    font-weight: bolder;
    font-family: 'Raleway', sans-serif;
    font-size: 15px;
}

.field input[type="submit"]:hover {
    background: #DCD6F7;
    color: #151E3F;
    font-family: 'Raleway', sans-serif;

}



head {
    display: flex;
}


ul {
    list-style-type: none;
    margin: 0;
    padding: 0;
    overflow: hidden;
    background-color: #EDF7F6;
    position: fixed;
    top: 0;
    width: 100%;
    position: fixed;
    font-weight: lighter;

}

li {
    float: left;
}

li a {
    display: block;
    color: #352208;
    text-align: center;
    padding: 14px 16px;
    text-decoration: none;
    font-weight: lighter;
}

li a:hover:not(.active) {
    background-color: #FAE8EB;
    color: #1F2041;
}

.active {
    background-color: #CC7E85;
    transition: 1s;
}






</html>

Answer 1

使用execute代替query，并使用准备好的语句来处理SQL INJECTION。

$sql = "INSERT INTO booking (fname, email, phone, country, swim, date, num, suits, cert, guide) VALUES (?,?,?,?,?,?,?,?,?,?)";
$stmt= $pdo->prepare($sql);
$stmt->execute([$fname, $email, $phone, $country, $swimming, $date, $numbercus, $suits, $certificate, $guide]);

参考：Insert query using PDO

如何解决我的预订，因为当我发送它。它在mysql上不显示任何数据，并且显示echo“ failed”

1 个答案: