如何使用php插入mysql数据库?
因此,我无法将数据连接或插入数据库。我正在使用表格收集我需要的信息。然后我尝试插入到我的数据库中。我不确定是什么问题,但我想我的连接有问题。我正在使用两个文件来尝试并实现这一点 addQuite.html文件如何使用php插入mysql数据库?,php,mysql,forms,post,Php,Mysql,Forms,Post,因此,我无法将数据连接或插入数据库。我正在使用表格收集我需要的信息。然后我尝试插入到我的数据库中。我不确定是什么问题,但我想我的连接有问题。我正在使用两个文件来尝试并实现这一点 addQuite.html文件 <!DOCTYPE html> <html> <head> <title>AddQuote</title> <link href="styles.css" type="text/css" rel="style
<!DOCTYPE html>
<html>
<head>
<title>AddQuote</title>
<link href="styles.css" type="text/css" rel="stylesheet" />
</head>
<body>
<h2> Add a Quote <h2>
<form action="index.php" method="get">
<div>
Quote:<br>
<textarea rows="6" cols="60" name="quote" id="quote">
</textarea>
<br>
Author: <input type="text" name="author" id="author"/> <br>
<input class = "input2" type="submit" value="Save Quotation"/>
</div>
</form>
</body>
</html>
加引号
添加报价
引用:
作者:
这是我的index.php文件,我正试图在这里连接并插入数据库
<!DOCTYPE html>
<html>
<head>
<title>Quotes</title>
<link href="styles.css" type="text/css" rel="stylesheet" />
</head>
<body>
<h1> Quotes </h1>
<form action="addQuote.html">
<input class="input1" type="submit" value="Add Quote"/>
</form>
<?php
//connet to server
$db = new PDO("mysql:host=server;dbname=quotes", "root" , "");
//check connections
if($db===false){
die("ERROR: Could not connect. ");
}
//get name and quote
$name = $_GET['author'];
$quote = $_GET['quote'];
//attemp insert query execution
$sql = "INSERT INTO quotations (name, quote, rating ) VALUES
('$name', '$quote', 0)";
?>
</body>
</html>
引用
引用
看看下面的例子
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO MyGuests (firstname, lastname, email)
VALUES ('John', 'Doe', 'john@example.com')";
// use exec() because no results are returned
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
查看下面的示例
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO MyGuests (firstname, lastname, email)
VALUES ('John', 'Doe', 'john@example.com')";
// use exec() because no results are returned
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
如果您的查询从未执行,请在代码中添加“$db->exec($sql);”
<?php
//connet to server
$db = new PDO("mysql:host=server;dbname=quotes", "root" , "");
//check connections
if($db===false){
die("ERROR: Could not connect. ");
}
//get name and quote
$name = $_GET['author'];
$quote = $_GET['quote'];
//attemp insert query execution
$sql = "INSERT INTO quotations (name, quote, rating ) VALUES
('$name', '$quote', 0)";
$db->exec($sql);
?>
如果您的查询从未执行,请在代码中添加“$db->exec($sql);”
<?php
//connet to server
$db = new PDO("mysql:host=server;dbname=quotes", "root" , "");
//check connections
if($db===false){
die("ERROR: Could not connect. ");
}
//get name and quote
$name = $_GET['author'];
$quote = $_GET['quote'];
//attemp insert query execution
$sql = "INSERT INTO quotations (name, quote, rating ) VALUES
('$name', '$quote', 0)";
$db->exec($sql);
?>
要使用PDO将数据插入MySQL,您需要使用准备好的语句exec()
不应用于插入数据。SQL查询需要参数化,数据需要单独传递
<?php
//connet to server
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$db = new PDO("mysql:host=server;dbname=quotes;charset=utf8mb4", "root", "", $options);
//attempt insert query execution
$db->prepare('INSERT INTO quotations(name, quote, rating ) VALUES(?,?,0)')
->execute([
$_GET['author'],
$_GET['quote']
]);
?>
您还应该使用PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION
在PDO中启用异常,使用utf8mb4
字符集,并且在PHP中永远不要使用没有密码的root
。要使用PDO将数据插入MySQL,您需要使用准备好的语句exec()
不应用于插入数据。SQL查询需要参数化,数据需要单独传递
<?php
//connet to server
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$db = new PDO("mysql:host=server;dbname=quotes;charset=utf8mb4", "root", "", $options);
//attempt insert query execution
$db->prepare('INSERT INTO quotations(name, quote, rating ) VALUES(?,?,0)')
->execute([
$_GET['author'],
$_GET['quote']
]);
?>
您还应该使用PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION
在PDO中启用异常,使用utf8mb4
字符集,并且在PHP中永远不要使用没有密码的root
。检查主机名如果您在本地系统中运行代码,通常是“localhost”。您当前的代码容易受到sql注入的攻击。您应该通过准备或转义来确保不会发生这种情况检查主机名如果您在本地系统中运行代码,则通常为“localhost”。您当前的代码容易受到sql注入的攻击。你应该通过准备或逃跑来确保这不会发生