Php 在SQL中创建表和字段的脚本不起作用

警告这太长了！如果你知道的话就攻击。至少比我这样的新手还多

此脚本使用三个文件，如下所述。支持从表单输入创建数据库和字段。它将结束并显示my_联系人已创建！。但是当我进入phpMyadmin时，表还没有被创建

我有一个名为show_createtable.html的文件，用于在MySQL中创建表

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<h1>Step 1: Name and Number</h1>
<form method="post" action="do_showfielddef.php" />
<p><strong>Table Name:</strong><br />
<input type="text" name="table_name" size="30" /></p>
<p><strong>Number of fields:</strong><br />
<input type="text" name="num_fields" size="30" /></p>
<p><input type="submit" name="submit" value="go to step2" /></p>
</form>


</body>
</html>

无标题文件
步骤1：姓名和号码
表名：


字段数：

此表单发布到do_showfielddef.php

    <?php
    //validate important input
    if ((!$_POST[table_name]) || (!$_POST[num_fields])) {
        header( "location: show_createtable.html");
               exit;
    }

    //begin creating form for display
    $form_block = "
    <form action=\"do_createtable.php\" method=\"post\">
    <input name=\"table_name\" type=\"hidden\" value=\"$_POST[table_name]\">
    <table cellspacing=\"5\" cellpadding=\"5\">
      <tr>
        <th>Field Name</th><th>Field Type</th><th>Table Length</th><th>Primary Key?</th><th>Auto-Increment?</th>
      </tr>";

    //count from 0 until you reach the number fo fields
    for ($i = 0; $i <$_POST[num_fields]; $i++) {
      $form_block .="
      <tr>
      <td align=center><input type=\"texr\" name=\"field name[]\"
      size=\"30\"></td>
      <td align=center>
        <select name=\"field_type[]\">
            <option value=\"char\">char</option>
            <option value=\"date\">date</option>
            <option value=\"float\">float</option>
            <option value=\"int\">int</option>
            <option value=\"text\">text</option>
            <option value=\"varchar\">varchar</option>
            </select>
      </td>
      <td align=center><input type=\"text\" name=\"field_length[]\" size=\"5\"></td>
      <td aligh=center><input type=\"checkbox\" name=\"primary[]\" value=\"Y\"></td>
      <td aligh=center><input type=\"checkbox\" name=\"auto_increment[]\" value=\"Y\"></td>

    </tr>";
    }

    //finish up the form 
    $form_block .= "
    <tr>
        <td align=center colspan=3><input type =\"submit\" value=\"create table\">
        </td>
    </tr>
    </table>
    </form>";

    ?>

    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Create a database table: Step 2</title>
    </head>

    <body>
    <h1>defnie fields for <? echo "$_POST[table_name]"; ?> 
    </h1>
    <? echo "$form_block"; ?>

    </body>
    </html>

//connect to database
$connection = @mysql_connect("localhost", "user", "pass")
    or die(mysql_error());
$db = @mysql_select_db($db_name, $connection)
    or die(mysql_error());

//start creating the SQL statement
$sql = "CREATE TABLE $_POST[table_name](";
    //continue the SQL statement for each new field                                 
    for ($i = 0; $i < count($_POST[field_name]); $i++) {
        $sql .= $_POST[field_name][$i]." ".$_POST[field_type][$i];

    if ($_POST[auto_increment][$i] =="Y") {
        $additional = "NOT NULL auto_increment";
    } else {
        $additional = "";
    }

    if ($_POST[primary][$i] =="Y") {
        $additional .= ", primary key (".$_POST[field_name][$i].")";
    } else {
        $additional = "";
    }

    if ($_POST[field_length][$i] !="") {
        $sql .= " (".$_POST[field_length][$i].") $additional ,";
        } else {
            $sql .=" $additional ,";
        }
    }

//clean up the end of the string
$sql = substr($sql, 0, -1);
$sql .= ")";

//execute the query
$result = mysql_query($sql, $connection) or die(mysql_error());
//get a giid message for display upon success
if ($result) {
    $msg = "<p>" .$_POST[table_name]." has been created!</p>";
}
?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Create A Database Table: Step 3</title>
</head>

<body>
<h1>Adding table to <? echo "$db_name"; ?>...</h1>
<? echo "$msg"; ?>
</body>
</html>

创建数据库表：步骤2
用于

这又会使用此文件do_showfielddef.php创建表和字段

//connect to database
$connection = @mysql_connect("localhost", "user", "pass")
    or die(mysql_error());
$db = @mysql_select_db($db_name, $connection)
    or die(mysql_error());

//start creating the SQL statement
$sql = "CREATE TABLE $_POST[table_name](";
    //continue the SQL statement for each new field                                 
    for ($i = 0; $i < count($_POST[field_name]); $i++) {
        $sql .= $_POST[field_name][$i]." ".$_POST[field_type][$i];

    if ($_POST[auto_increment][$i] =="Y") {
        $additional = "NOT NULL auto_increment";
    } else {
        $additional = "";
    }

    if ($_POST[primary][$i] =="Y") {
        $additional .= ", primary key (".$_POST[field_name][$i].")";
    } else {
        $additional = "";
    }

    if ($_POST[field_length][$i] !="") {
        $sql .= " (".$_POST[field_length][$i].") $additional ,";
        } else {
            $sql .=" $additional ,";
        }
    }

//clean up the end of the string
$sql = substr($sql, 0, -1);
$sql .= ")";

//execute the query
$result = mysql_query($sql, $connection) or die(mysql_error());
//get a giid message for display upon success
if ($result) {
    $msg = "<p>" .$_POST[table_name]." has been created!</p>";
}
?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Create A Database Table: Step 3</title>
</head>

<body>
<h1>Adding table to <? echo "$db_name"; ?>...</h1>
<? echo "$msg"; ?>
</body>
</html>

//连接到数据库
$connection=@mysql\u connect（“localhost”、“user”、“pass”）
或者死（mysql_error（））；
$db=@mysql\u select\u db（$db\u name，$connection）
或者死（mysql_error（））；
//开始创建SQL语句
$sql=“创建表$\u POST[表名称]（”；
//继续为每个新字段执行SQL语句
对于（$i=0；$i”；
}
?>
创建数据库表：步骤3
正在将表添加到。。。

我简直不敢相信我费了那么大劲才写出这个问题。我又仔细看了一眼phpMYAdmin，它成功了。该表是在一个名为testDB的数据库下创建的，我认为该数据库中没有任何内容。 脚本是如何决定将其作为testDB数据库下的子项进行etner的

---

再次感谢大家的投入，这个网站真的很神奇，对像我这样的初学者来说非常有价值。

试着打印

$sql

，然后将你的

sql

粘贴到

phpMyAdmin

中，并检查你是否没有任何

sql

错误。我对php真的很陌生，我到底应该向phpMyAdmin打印什么？在adda下，这将打印出脚本正在运行的SQL语句。这就是您要在phpMyAdminsen I jusy copy中检查的内容，并在“在服务器上运行SQL查询”localhost“SQL注入输入”中通过它？是的，我相信这就是您放置它的地方。我已经有一段时间没有使用phpMyAdmin了。然后查看是否有任何SQL错误。如果您确实收到错误，请更新您的帖子并将其添加到那里。$db=@mysql\u select\u db（$db\u name，$connection）文件do\u showfielddef.php中的行显示应该有一个名为$db\u name的变量，该变量具有要使用的数据库名称。这里还没有显示其他代码。在所有文件中搜索此变量，以查看是否可以找到其设置位置。

//connect to database
$connection = @mysql_connect("localhost", "user", "pass")
    or die(mysql_error());
$db = @mysql_select_db($db_name, $connection)
    or die(mysql_error());

//start creating the SQL statement
$sql = "CREATE TABLE $_POST[table_name](";
    //continue the SQL statement for each new field                                 
    for ($i = 0; $i < count($_POST[field_name]); $i++) {
        $sql .= $_POST[field_name][$i]." ".$_POST[field_type][$i];

    if ($_POST[auto_increment][$i] =="Y") {
        $additional = "NOT NULL auto_increment";
    } else {
        $additional = "";
    }

    if ($_POST[primary][$i] =="Y") {
        $additional .= ", primary key (".$_POST[field_name][$i].")";
    } else {
        $additional = "";
    }

    if ($_POST[field_length][$i] !="") {
        $sql .= " (".$_POST[field_length][$i].") $additional ,";
        } else {
            $sql .=" $additional ,";
        }
    }

//clean up the end of the string
$sql = substr($sql, 0, -1);
$sql .= ")";

//execute the query
$result = mysql_query($sql, $connection) or die(mysql_error());
//get a giid message for display upon success
if ($result) {
    $msg = "<p>" .$_POST[table_name]." has been created!</p>";
}
?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Create A Database Table: Step 3</title>
</head>

<body>
<h1>Adding table to <? echo "$db_name"; ?>...</h1>
<? echo "$msg"; ?>
</body>
</html>