Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/239.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
将数据从表单导出到我的数据库(PHP/MySQL)_Php_Mysql_Forms - Fatal编程技术网
Fatal编程技术网
  • php/
  • 将数据从表单导出到我的数据库(PHP/MySQL)

将数据从表单导出到我的数据库(PHP/MySQL)

php mysql forms

将数据从表单导出到我的数据库(PHP/MySQL),php,mysql,forms,Php,Mysql,Forms,我的web应用程序有问题,当我填写表单并验证表单时,我的phpmyadmin页面中没有任何内容!连接良好,但未导出任何数据 以下是我的php代码: <?php $connect=mysqli_connect("localhost","root","","ramsa"); if (mysqli_connect_errno()) { echo ("Échec de la connexion : %s\n" . mysqli_connect_erro

我的web应用程序有问题,当我填写表单并验证表单时,我的phpmyadmin页面中没有任何内容!连接良好,但未导出任何数据

以下是我的php代码:

  <?php
      $connect=mysqli_connect("localhost","root","","ramsa");

      if (mysqli_connect_errno()) {
        echo ("Échec de la connexion : %s\n" . mysqli_connect_error());
        exit();
    }


$db_selected = mysqli_select_db($connect,"ramsa");

if (!$db_selected)
  {
  die ("Can\'t use this databse : " . mysqli_error());
  }


$query = " INSERT INTO 'reservoir' (CodeReservoir, NomReservoir, AdresseReservoir, Latitude, Longtitude, Capacite, CodeRadial, Type, PseudoType, Alimentation)
           VALUES ('$_POST[coderes]', '$_POST[nomres]', '$_POST[adressres]', '$_POST[latitude]', '$_POST[longitude]', '$_POST[capaciteres]', '$_POST[coteradres]', '$_POST[typeres]','$_POST[pseutype]', '$_POST[alimentationres]')";

echo "Resvoir bien ajouté.";
mysqli_query($connect,$query);
mysqli_close($connect);



?>

首先,我要说的是,您绝对不需要直接将$\u POST super global中的任何内容添加到这样的SQL查询中。您很容易受到SQL注入攻击

也就是说,您是否验证了列名和值类型

我建议首先在php中尝试类似的方法来识别错误


<?php
      $connect=mysqli_connect("localhost","root","","ramsa");

      if (mysqli_connect_errno()) {
        echo ("Échec de la connexion : %s\n" . mysqli_connect_error());
        exit();
    }


$db_selected = mysqli_select_db($connect,"ramsa");

if (!$db_selected)
  {
  die ("Can\'t use this databse : " . mysqli_error());
  }


$testData = Array(); //fill this with a false data set for each column of data

$testInput = "'".implode("','",$testData)."'";

$query = " INSERT INTO `reservoir` (`CodeReservoir`, `NomReservoir`, `AdresseReservoir`, `Latitude`, `Longtitude`, `Capacite`, `CodeRadial`, `Type`, `PseudoType`, `Alimentation`)
           VALUES ($testInput)";

echo $query."<br/>";  //so that you can run it directly in the server using PHPMyAdmin or MySQL Workbench or similar application
mysqli_query($connect,$query);
echo mysqli_error($connect);
mysqli_close($connect);
?>



即使此代码工作正常,您也会遇到一个问题:您对SQL注入攻击非常开放。另外,请阅读SQL注入攻击以及如何防止它们。

<?php
      $connect=mysqli_connect("localhost","root","","ramsa");

      if (mysqli_connect_errno()) {
        echo ("Échec de la connexion : %s\n" . mysqli_connect_error());
        exit();
    }


$db_selected = mysqli_select_db($connect,"ramsa");

if (!$db_selected)
  {
  die ("Can\'t use this databse : " . mysqli_error());
  }


$testData = Array(); //fill this with a false data set for each column of data

$testInput = "'".implode("','",$testData)."'";

$query = " INSERT INTO `reservoir` (`CodeReservoir`, `NomReservoir`, `AdresseReservoir`, `Latitude`, `Longtitude`, `Capacite`, `CodeRadial`, `Type`, `PseudoType`, `Alimentation`)
           VALUES ($testInput)";

echo $query."<br/>";  //so that you can run it directly in the server using PHPMyAdmin or MySQL Workbench or similar application
mysqli_query($connect,$query);
echo mysqli_error($connect);
mysqli_close($connect);
?>