Php 如何将表单的值放入MySQL表中?
我只想从SQL表的输入中获取Php 如何将表单的值放入MySQL表中?,php,html,mysql,forms,Php,Html,Mysql,Forms,我只想从SQL表的输入中获取var1。它总是创建一个新的ID,所以这是可行的,但它在电子邮件行中留下一个空字段。我以前从未使用过SQL,在这里找不到类似的东西。我认为问题也可能出在桌子的设置上,但没有发现任何错误 <input name="var1" id="contact-email2" class="contact-input abo-email" type="text" placeholder="
var1<input name="var1" id="contact-email2" class="contact-input abo-email" type="text" placeholder="Email *" required="required"/>
<form class="newsletter-form" action="newsletter.php" method="POST">
<button class="contact-submit" id="abo-button" type="submit" value="Abonnieren">Absenden
</button>
</form>
阿本登
简单答案
这里有一些错误;但简单的答案是:
$sql = "INSERT INTO table (id, Email) VALUES ('?', '_POST[var1]')";
……应该是:
$sql = "INSERT INTO {$table} (id, Email) VALUES ('?', '{$var1}')";
…或假设id
设置为自动递增等
$sql = "INSERT INTO {$table} (Email) VALUES ('{$var1}')";
更复杂的答案
您真的应该花点时间将prepared
语句与具有用户输入的SQL
一起使用。在查询
中使用字符串之前,您至少应该自己对字符串进行转义
mysqli
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
$mysqli = new mysqli($host, $user, $password, $dbase); // Make connection to DB
if($mysqli->connect_error) {
die("Error: Could not connect to database.");
}
$email = $_POST["var1"]; // User input from form
$sql = "INSERT INTO {$table} (Email) VALUES(?)"; // SQL query using ? as a place holder for our value
$query = $mysqli->prepare($sql); // Prepare the statement
$query->bind_param("s", $email); // Bind $email {s = data type string} to the ? in the SQL
$query->execute(); // Execute the query
PDO
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
try {
$pdo = new pdo( "mysql:host={$host};dbname={$dbase}", $user, $password); // Make connection to DB
}
catch(PDOexception $e){
die("Error: Could not connect to database.");
}
$email = $_POST["var1"]; // User input from form
$sql = "INSERT INTO {$table} (Email) VALUES(?)"; // SQL query using ? as a place holder for our value
$query = $pdo->prepare($sql); // Prepare the statement
$query->execute([$email]); // Execute the query binding `(array)0=>$email` to place holder in SQL
该id是唯一的id吗?这是自动递增的??
如果是这样,你应该这样做
<?php
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
$mysqli = new mysqli($host,$user,$password,$dbase);
$email = $_POST['var1'];
// you might want to make sure the string is safe this is escaping any special characters
$statment = $mysqli->prepare("INSERT INTO table (Email) VALUES (?)");
$statment->bind_param("s", $email);
if(isset($_POST['var1'])) {
$statment->execute();
}
$mysqli->close();
$statment->close();
请阅读并使用准备好的语句和参数。您的表单是这样的吗?您的输入不在表单中。@Dharman是的,将其放入表单中并不能真正改变任何事情。@noah222它必须在表单中,否则该值将不会发送到服务器。你检查过实际发送的内容吗?你知道浏览器检查器吗?如果只是一个输入错误,那么你可以删除这个问题。谢谢你的回答!我可能仍然出错,因为我遇到了一个致命错误:未捕获错误:调用null(第8行)上的成员函数real_escape_string()。Id是一个主键,并且自动递增!将您的代码发送给我,我会帮您查看,欢迎随时提供帮助。@noah222是的,错误报告。mysqli和PDO都有错误报告,但此答案没有显示如何启用。您能回滚上次编辑吗?在新PDO中不应该有任何try-catch,也不应该手动检查连接错误。
<?php
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
$mysqli = new mysqli($host,$user,$password,$dbase);
$email = $_POST['var1'];
// you might want to make sure the string is safe this is escaping any special characters
$statment = $mysqli->prepare("INSERT INTO table (Email) VALUES (?)");
$statment->bind_param("s", $email);
if(isset($_POST['var1'])) {
$statment->execute();
}
$mysqli->close();
$statment->close();