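I created a web form to insert data into a MySQL database. I thought I had the PHP to insert the data from the form, but alas, nothing happens when I click submit. I do have the correct hostname and other database details; I just haven't posted them here.
I probably have multiple errors in this code. I'm hoping some experts can point me in the right direction.
Thanks in advance.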
<?php
$con = mysql_connect("hostname","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dbname", $con);
$sql="INSERT INTO games (game_name, release_date, game_category, game_type, game_console)
VALUES
('$_POST[game_name]','$_POST[release_date]','$_POST[game_category]','$_POST[game_type]','$_POST[game_console]')";
mysql_query($sql);
$sql2 = "INSERT INTO trophy_totals (game_name, bronze_ttl, silver_ttl, gold_ttl, plat_ttl, hidden_ttl, total_points)
VALUES
('$_POST[game_name]','$_POST[bronze_ttl]','$_POST[silver_ttl]','$_POST[gold_ttl]','$_POST[plat_ttl]','$_POST[hidden_ttl]','$_POST[total_points]')";
mysql_query($sql2);
?>
<?php
foreach($_POST['trophy'] as $trophy) {
$sql3 = "INSERT INTO trophies (game_name, tr_name, tr_description, tr_color, tr_ach_value) VALUES ('".$_POST['game_name']."', '".$trophy['name']."', '".$trophy['desc']."', '".$trophy['color']."', '".$trophy['tr_ach_value']."')";
mysql_query($sql3);
}
echo "Record added";
mysql_close($con)
?>
Could there be something wrong with my form?
<form action="http://www.yeahthatrocks.com/update.php" method="post">
Game Name: <input name="game_name" type="text" size="25" maxlength="255" /><br></br>
Release Date: <input name="release_date" type="text" size="25" /><p></p>
<p>Console:
<select name="game_console">
<option value="PS3">PS3</option>
<option value="Xbox 360">Xbox 360</option>
<option value="Both">Both</option>
</select>
Game Category:
<select name="game_category">
<option value="Retail">Retail</option>
<option value="PSN">PSN</option>
<option value="Arcade">Arcade</option>
<option value="Arcade">DLC</option>
</select>
Game Type:
<select name="game_type">
<option value="Action">Action</option>
<option value="Action RPG">Action RPG</option>
<option value="Adventure">Adventure</option>
<option value="Board">Board</option>
<option value="Card">Card</option>
<option value="Casino">Casino</option>
<option value="Educational">Educational</option>
<option value="Fighting">Fighting</option>
<option value="Flight">Flight</option>
<option value="Game Show">Game Show</option>
<option value="Hunting">Hunting</option>
<option value="Music">Music</option>
<option value="Other">Other</option>
<option value="Pinball">Pinball</option>
<option value="Platformer">Platformer</option>
<option value="Puzzle">Puzzle</option>
<option value="Racing">Racing</option>
<option value="RPG">RPG</option>
<option value="Shooter">Shooter</option>
<option value="Sports">Sports</option>
<option value="Strategy">Strategy</option>
<option value="Virtual Pet">Virtual Pet</option>
</select>
Trophy Totals:</p>
Bronze: <input name="brinze_ttl" type="text" size="3" maxlength="3" />
<br/>
Silver: <input name="Silver Total" type="text" size="3" maxlength="3" /><br/>
Gold: <input name="Gold Total" type="text" size="3" maxlength="3" /><br/>
Platinum: <input name="Platinum Total" type="text" size="3" maxlength="3" /><br/>
Hidden: <input name="Hidden Total" type="text" size="3" maxlength="3" /><br/>
Xbox Pts.: <input name="Xbox Pts Total" type="text" size="5" maxlength="5" /><br/>
</p>
<p> </p>
<p>Trophies:</p>
Trophy Name: <input name="tr_name[0]" type="text" size="50" maxlength="255" /><br/>
Descripton: <input name="tr_desc[0]" type="text" size="50" maxlength="255" /><br/>
Trophy Color: <select name="tr_color[0]">
<option value="Bronze">Bronze</option>
<option value="Silver">Silver</option>
<option value="Gold">Gold</option>
<option value="Platinum">Platinum</option>
<option value="Hidden">Hidden</option>
</select>
Points: <input name="tr_ach_value[0]" type="text" size="4" maxlength="4" /><p></p>
Trophy Name: <input name="tr_name[1]" type="text" size="50" maxlength="255" /><br/>
Descripton: <input name="tr_desc[1]" type="text" size="50" maxlength="255" /><br/>
Trophy Color: <select name="tr_color[1]">
<option value="Bronze">Bronze</option>
<option value="Silver">Silver</option>
<option value="Gold">Gold</option>
<option value="Platinum">Platinum</option>
<option value="Hidden">Hidden</option>
</select>
Points: <input name="tr_ach_value[1]" type="text" size="4" maxlength="4" /><p></p>
Trophy Name: <input name="tr_name[2]" type="text" size="50" maxlength="255" /><br/>
Descripton: <input name="tr_desc[2]" type="text" size="50" maxlength="255" /><br/>
Trophy Color: <select name="tr_color[2]">
<option value="Bronze">Bronze</option>
<option value="Silver">Silver</option>
<option value="Gold">Gold</option>
<option value="Platinum">Platinum</option>
<option value="Hidden">Hidden</option>
</select>
Points: <input name="tr_ach_value[2]" type="text" size="4" maxlength="4" /><p></p>
Trophy Name: <input name="tr_name[3]" type="text" size="50" maxlength="255" /><br/>
Descripton: <input name="tr_desc[3]" type="text" size="50" maxlength="255" /><br/>
Trophy Color: <select name="tr_color[3]">
<option value="Bronze">Bronze</option>
<option value="Silver">Silver</option>
<option value="Gold">Gold</option>
<option value="Platinum">Platinum</option>
<option value="Hidden">Hidden</option>
</select>
Points: <input name="tr_ach_value[3]" type="text" size="4" maxlength="4" /><p></p>
Trophy Name: <input name="tr_name[4]" type="text" size="50" maxlength="255" /><br/>
Descripton: <input name="tr_desc[4]" type="text" size="50" maxlength="255" /><br/>
Trophy Color: <select name="tr_color[4]">
<option value="Bronze">Bronze</option>
<option value="Silver">Silver</option>
<option value="Gold">Gold</option>
<option value="Platinum">Platinum</option>
<option value="Hidden">Hidden</option>
</select>
Points: <input name="tr_ach_value[4]" type="text" size="4" maxlength="4" /><p></p>
Trophy Name: <input name="tr_name[5]" type="text" size="50" maxlength="255" /><br/>
Descripton: <input name="tr_desc[5]" type="text" size="50" maxlength="255" /><br/>
Trophy Color: <select name="tr_color[5]">
<option value="Bronze">Bronze</option>
<option value="Silver">Silver</option>
<option value="Gold">Gold</option>
<option value="Platinum">Platinum</option>
<option value="Hidden">Hidden</option>
</select>
Points: <input name="tr_ach_value[5]" type="text" size="4" maxlength="4" /><p></p>
<input name="submit" type="button" value="submit" />
</form>
Answer 0 (score: 2)
Try escaping the $_POST parameters in your query with {}, like so:
$sql = "INSERT INTO games (game_name, release_date, game_category, game_type, game_console)
VALUES
('{$_POST['game_name']}', '{$_POST['release_date']}', '{$_POST['game_category']}', '{$_POST['game_type']}', '{$_POST['game_console']}')";
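What the others have said about SQL injection holds too. You should at least escape these strings with mysql_real_escape_string, but using PDO or prepared statements might also be a good idea.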
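Answer 1 (score: 1)
Your code is vulnerable to SQL injection. You have to escape the parameters, e.g. with mysql_real_escape_string. Also, I can recommend the PDO database interface, which is independent of the DBMS and has safer methods.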
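The PDO prepared-statement approach recommended in the answers above, as an added example that is not part of the original thread. It assumes an in-memory SQLite database in place of MySQL so it runs offline; the function name saveGame, the column types and the sample input are constructed for illustration.

```php
<?php
// SQLite in memory stands in for MySQL so this runs offline (assumption);
// for MySQL only the DSN changes: 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$pdo->exec('CREATE TABLE games (game_name TEXT, release_date TEXT,
    game_category TEXT, game_type TEXT, game_console TEXT)');
$pdo->exec('CREATE TABLE trophies (game_name TEXT, tr_name TEXT,
    tr_description TEXT, tr_color TEXT, tr_ach_value INTEGER)');
// Constructed sample input in the shape the form posts (tr_name[0], tr_desc[0], ...).
$post = [
    'game_name' => "Knight's Quest", 'release_date' => '2011-01-01',
    'game_category' => 'Retail', 'game_type' => 'Action', 'game_console' => 'Both',
    'tr_name' => ['First Steps', ''], 'tr_desc' => ["Finish the game's intro", ''],
    'tr_color' => ['Bronze', 'Bronze'], 'tr_ach_value' => ['15', ''],
];
$colors = ['Bronze', 'Silver', 'Gold', 'Platinum', 'Hidden']; // the form's options

function saveGame(PDO $pdo, array $post, array $colors): int
{
    $pdo->beginTransaction(); // game and trophies are stored together or not at all
    try {
        $game = $pdo->prepare('INSERT INTO games (game_name, release_date,
            game_category, game_type, game_console) VALUES (?, ?, ?, ?, ?)');
        $game->execute([$post['game_name'], $post['release_date'],
            $post['game_category'], $post['game_type'], $post['game_console']]);
        $trophy = $pdo->prepare('INSERT INTO trophies (game_name, tr_name,
            tr_description, tr_color, tr_ach_value) VALUES (?, ?, ?, ?, ?)');
        $saved = 0;
        foreach ($post['tr_name'] as $i => $name) {
            if (trim($name) === '') {
                continue; // unused trophy row on the form
            }
            $color = $post['tr_color'][$i] ?? '';
            if (!in_array($color, $colors, true)) { // allow-list the select value
                throw new InvalidArgumentException("Unexpected trophy color in row $i");
            }
            $trophy->execute([$post['game_name'], $name, $post['tr_desc'][$i] ?? '',
                $color, (int) ($post['tr_ach_value'][$i] ?? 0)]);
            $saved++;
        }
        $pdo->commit();
        return $saved;
    } catch (Throwable $e) {
        $pdo->rollBack(); // leave no half-written game behind
        throw $e;
    }
}
echo saveGame($pdo, $post, $colors), " trophy row(s) saved\n";
```

The apostrophes in the sample values are bound as data, so they are stored verbatim instead of terminating a string literal as they would in the concatenated queries.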
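Answer 2 (score: 1)
SQL trouble? Simple solution: echo $sql and run it in a SQL editor to see whether it works. I've tracked down many SQL problems this way.
Answer 3 (score: 1)
Enable error reporting (http://php.net/manual/en/function.error-reporting.php) as well to see what errors exist in your code.
Just to warn you, check out SQL injection: http://en.wikipedia.org/wiki/SQL_injection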
Answer 4 (score: 0)
Not 100% sure, but maybe try swapping your foreach statement for:
// Loop over the six trophy rows the form posts as tr_name[0] .. tr_name[5]
for ($i = 0; $i <= 5; $i++)
{
$sql3 = "INSERT INTO trophies (game_name, tr_name, tr_description, tr_color, tr_ach_value) VALUES ('".$_POST['game_name']."', '".$_POST['tr_name'][$i]."', '".$_POST['tr_desc'][$i]."', '".$_POST['tr_color'][$i]."', '".$_POST['tr_ach_value'][$i]."')";
mysql_query($sql3);
}
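Answer 5 (score: -3)
First, it doesn't look like you're passing the correct values to connect. Instead of:
$con = mysql_connect("hostname","username","password");
you should do something like
$con = mysql_connect("localhost","root","some password");
The same goes for your database; you want the actual name of the database instead of dbname, unless that actually is the name of your database.
Also, be careful how you do your INSERTs, etc. You aren't escaping any values, so you're vulnerable to SQL injection.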