如何从php将HTML表单的输入值保存在sql中
这是不正常工作,请帮助,如果有人在那里*如何从php将HTML表单的输入值保存在sql中,php,html,Php,Html,这是不正常工作,请帮助,如果有人在那里* empty()不接受多个参数,即使它接受多个参数(如isset()),也希望它们用逗号分隔(而不是和) 您可以在一次调用中检查所有预期的POST键是否与isset()一起存在,如下所示: if(!empty($_POST['Sourcing_HR'] AND $_POST['DOS'] AND $_POST['Candidate_Name'] AND $_POST['Candidate_Name'] AND $_POST['Total_
empty()
不接受多个参数,即使它接受多个参数(如isset()
),也希望它们用逗号分隔(而不是和)
您可以在一次调用中检查所有预期的POST
键是否与isset()
一起存在,如下所示:
if(!empty($_POST['Sourcing_HR'] AND $_POST['DOS'] AND $_POST['Candidate_Name'] AND $_POST['Candidate_Name'] AND $_POST['Total_Experience'] AND $_POST['Current_CTC'] AND $_POST['Expected_CTC'] AND $_POST['Current_Location'] AND $_POST['Preferred_Location'])){
$sql = "INSERT INTO candidatesListFields (Sourcing_HR, DOS, Candidate_Name, Total_Experience, Current_CTC, Expected_CTC, Current_Location, Preferred_Location) VALUES ('$Sourcing_HR', '$DOS', '$Candidate_Name', '$Total_Experience', '$Current_CTC', '$Expected_CTC','$Current_Location','$Preferred_Location')";
echo($_POST[$Sourcing_HR.' '. $DOS.' '. $Candidate_Name.' '. $Total_Experience.' '. $Current_CTC.' '. $Expected_CTC.' '. $Current_Location.' '. $Preferred_Location]);
}
if (isset($_POST['Sourcing_HR'])) {
$Sourcing_HR = $_POST['Sourcing_HR'];
}
?>
或者,如果您愿意,请使用!empty()
以确保所有值均为空且不包含字符串0
<代码>!但必须对每个元素调用empty()
if (isset($_POST['Sourcing_HR'], $_POST['DOS'], $_POST['Candidate_Name'],
$_POST['Candidate_Name'], $_POST['Total_Experience'], $_POST['Current_CTC'],
$_POST['Expected_CTC'], $_POST['Current_Location'], $_POST['Preferred_Location'])) {
如果您希望对不包含必需数据的特定字段提供个性化反馈,则必须设置单独的If条件(需要编写更多代码)
检查所有预期元素是否存在后,请使用带有占位符和绑定参数的预处理语句,以确保安全性和稳定性(而不是mysqli转义)
下面是一个使用面向对象语法的未经测试的建议:
if (!empty($_POST['Sourcing_HR']) && !empty($_POST['DOS']) && !empty($_POST['Candidate_Name'])
&& !empty($_POST['Candidate_Name']) && !empty($_POST['Total_Experience'])
&& !empty($_POST['Current_CTC']) && !empty($_POST['Expected_CTC'])
&& !empty($_POST['Current_Location']) && !empty($_POST['Preferred_Location'])) {
你应该使用&&!空($\u POST['DOS'])
不是,
请提供您收到的错误消息1。为什么要多次重复代码的某些部分?2.您正在尝试转义post变量(使用mysql\u real\u escape\u string()),而不检查它们是否存在(或者即使请求是一个post)。这意味着您正试图访问每个请求上的所有$\u POST
-变量。可能存在重复的
if (!empty($_POST['Sourcing_HR']) && !empty($_POST['DOS']) && !empty($_POST['Candidate_Name'])
&& !empty($_POST['Candidate_Name']) && !empty($_POST['Total_Experience'])
&& !empty($_POST['Current_CTC']) && !empty($_POST['Expected_CTC'])
&& !empty($_POST['Current_Location']) && !empty($_POST['Preferred_Location'])) {
if (!$conn = new mysqli("localhost", "root", "", "candidatesList")) {
echo "Database Connection Error: " , $conn->connect_error; // don't show exact error publicly
} else {
if (!$stmt = $conn->prepare("INSERT INTO candidatesListFields (Sourcing_HR, DOS, Candidate_Name, Total_Experience, Current_CTC, Expected_CTC, Current_Location, Preferred_Location) VALUES (?,?,?,?,?,?,?,?)")) {
echo "Prepare Syntax Error: " , $conn->error; // don't show exact error publicly
} else {
if (!$stmt->bind_param("ssssssss", $_POST['Sourcing_HR'], $_POST['DOS'], $_POST['Candidate_Name'], $_POST['Total_Experience'], $_POST['Current_CTC'], $_POST['Expected_CTC'], $_POST['Current_Location'], $_POST['Preferred_Location']) || !$stmt->execute()) {
echo "Query Error: " , $stmt->error; // don't show exact error publicly
}else{
echo "Success";
}
$stmt->close();
}
$conn->close();
}