表单在页面加载时向mySQL数据库提交/插入数据

时间:2011-10-08 21:53:24

标签: php forms

我的.php页面有问题。

adddata.php有一个允许用户向数据库提交某些数据的表单,但每次加载或刷新页面时,都会提交空表单(在数据库中创建一行空白值)。

我对PHP没什么经​​验,所以对任何新手错误提前道歉 - 这是代码:

<html>
<head>
<title>Project IPAM - Add Data</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="container" class="container" style="width:980px">


<?php

include('./templates/header.php'); 
include('./templates/dbconnect.php');


?>



<?php
if(isset($_POST['submit']))
{
    $name = $_POST['address_v4'];
    echo "Successful submitted";

}
?>

<div id="content" style="background-color:#ABCDEF;height:500px;width:980px">

<!--  This is a example submit form to add data to the database !-->



<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form method="post" action="adddata.php">
<table width="" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Insert Data Into mySQL Database </strong></td>
</tr>
<tr>
<td>IP(v4)</td>
<td>:</td>
<td><input name="address_v4" type="text" id="address_v4" maxlength="15"></td>
</tr>
<tr>
<td>Hostname</td>
<td>:</td>
<td><input name="hostname" type="text" id="hostname" maxlength="32"></td>
</tr>
<tr>
<td>Type</td>
<td>:</td>
<td><select name="type">
<option value="static">Static</option>
<option value="dhcp">DHCP</option>
<option value="reserved">Reserved</option>
</td>
</tr>
<tr>
<td>Updated By</td>
<td>:</td>
<td><input name="updated_by" type="text" id="updated_by" maxlength="16"></td>
</tr>
<tr>
<td>Notes</td>
<td>:</td>
<td><input name="notes" type="text" id="notes" maxlength="128"></td>
</tr>
<tr>
<td>Location</td>
<td>:</td>
<td><textarea cols="17" rows="7" name="location" type="text" id="location" maxlength="64"></textarea></td>
</tr>
<tr>
<td>Default Gateway</td>
<td>:</td>
<td><input name="default_gateway" type="text" id="default_gateway" maxlength="15"></td>
</tr>
<tr>
<td>Subnet Mask</td>
<td>:</td>
<td><input name="subnet_mask" type="text" id="subnet_mask" maxlength="15"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>


<?php


// Connect to the DB
include_once('./templates/dbconnect.php');

// Get values from form and checks whether values have been initilized using the isset() function.
$address=isset($_POST['address_v4']);
$hostname=isset($_POST['hostname']);
$type=isset($_POST['type']);
$updated_by=isset($_POST['updated_by']);
$notes=isset($_POST['notes']);
$location=isset($_POST['location']);
$default_gateway=isset($_POST['default_gateway']);
$subnet_mask=isset($_POST['subnet_mask']);



// Insert data into mysql 
$sql="INSERT INTO $tbl_name(address_v4, hostname, type, updated_by, notes, location, default_gateway, subnet_mask)
        VALUES('$address','$hostname','$type','$updated_by','$notes','$location','$default_gateway','$subnet_mask')";


if (!mysql_query($sql,$con))//
  {
  die('Error: ' . mysql_error());
  }


mysql_close($con)
?>








</div>
<div id="footer" style="background-color:#FFA500;clear:both;text-align:center;">
Copyright © 2011 Richard Day
</div>
</div>
</body>
</html>

3 个答案:

答案 0 :(得分:1)

isset()检查是否设置了值并返回truefalse。将其更改为:

if (isset($_POST['address_v4']))
{
    // if the value does indeed exist, then prepare it to be used in an SQL query
    // and assign it to the $address variable
    $address = mysql_real_escape_string($_POST['address_v4']);
}
else
{
    // if the value does not exist, then make the $address variable an
    // empty string
    $address = '';
}

您需要在查询中添加的其他变量也是如此。

答案 1 :(得分:0)

问题在于您正在检查是否设置了$ _POST变量,例如:

$address=isset($_POST['address_v4']);

isset返回一个布尔值(true或false),而不是您要检查的变量中的数据。改变你的行是这样的:

$address=isset($_POST['address_v4']) ? mysql_real_escape_string($_POST['address_v4']) : '';

mysql_real_escape_string有助于防止对您的网站进行SQL injection攻击。

修改

如果我理解正确,您还需要在运行数据库语句之前检查表单是否已实际提交,无论表单是否已提交,此时您运行该表单。从顶部的if(isset($_POST['submit']))语句中移动文档底部的所有PHP代码,应将其排序。

if(isset($_POST['submit'])) {
  $name = $_POST['address_v4'];
  echo "Successful submitted";

  // Now the code from the bottom, minus the database file include as you've already got that further up in the code
  $address=isset($_POST['address_v4']) ? mysql_real_escape_string($_POST['address_v4']) : '';

  // ...

答案 2 :(得分:0)

首先需要验证您的输入。

使用isset();验证是否已设置,使用empty();检查变量是否为空。使用&&运算符一次执行多项检查。

将变量转换为适当的数据类型。在存储到数据库之前,使用mysql_real_escape_string();转义输入。

使用post-redirect-get方法阻止刷新或重新加载时提交表单。