将数据从表单导出到我的数据库(PHP/MySQL)
我的web应用程序有问题,当我填写表单并验证表单时,我的phpmyadmin页面中没有任何内容!连接良好,但未导出任何数据 以下是我的php代码:将数据从表单导出到我的数据库(PHP/MySQL),php,mysql,forms,Php,Mysql,Forms,我的web应用程序有问题,当我填写表单并验证表单时,我的phpmyadmin页面中没有任何内容!连接良好,但未导出任何数据 以下是我的php代码: <?php $connect=mysqli_connect("localhost","root","","ramsa"); if (mysqli_connect_errno()) { echo ("Échec de la connexion : %s\n" . mysqli_connect_erro
<?php
$connect=mysqli_connect("localhost","root","","ramsa");
if (mysqli_connect_errno()) {
echo ("Échec de la connexion : %s\n" . mysqli_connect_error());
exit();
}
$db_selected = mysqli_select_db($connect,"ramsa");
if (!$db_selected)
{
die ("Can\'t use this databse : " . mysqli_error());
}
$query = " INSERT INTO 'reservoir' (CodeReservoir, NomReservoir, AdresseReservoir, Latitude, Longtitude, Capacite, CodeRadial, Type, PseudoType, Alimentation)
VALUES ('$_POST[coderes]', '$_POST[nomres]', '$_POST[adressres]', '$_POST[latitude]', '$_POST[longitude]', '$_POST[capaciteres]', '$_POST[coteradres]', '$_POST[typeres]','$_POST[pseutype]', '$_POST[alimentationres]')";
echo "Resvoir bien ajouté.";
mysqli_query($connect,$query);
mysqli_close($connect);
?>
首先,我要说的是,您绝对不需要直接将$\u POST super global中的任何内容添加到这样的SQL查询中。您很容易受到SQL注入攻击
也就是说,您是否验证了列名和值类型
我建议首先在php中尝试类似的方法来识别错误
<?php
$connect=mysqli_connect("localhost","root","","ramsa");
if (mysqli_connect_errno()) {
echo ("Échec de la connexion : %s\n" . mysqli_connect_error());
exit();
}
$db_selected = mysqli_select_db($connect,"ramsa");
if (!$db_selected)
{
die ("Can\'t use this databse : " . mysqli_error());
}
$testData = Array(); //fill this with a false data set for each column of data
$testInput = "'".implode("','",$testData)."'";
$query = " INSERT INTO `reservoir` (`CodeReservoir`, `NomReservoir`, `AdresseReservoir`, `Latitude`, `Longtitude`, `Capacite`, `CodeRadial`, `Type`, `PseudoType`, `Alimentation`)
VALUES ($testInput)";
echo $query."<br/>"; //so that you can run it directly in the server using PHPMyAdmin or MySQL Workbench or similar application
mysqli_query($connect,$query);
echo mysqli_error($connect);
mysqli_close($connect);
?>
即使此代码工作正常,您也会遇到一个问题:您对SQL注入攻击非常开放。另外,请阅读SQL注入攻击以及如何防止它们。
<?php
$connect=mysqli_connect("localhost","root","","ramsa");
if (mysqli_connect_errno()) {
echo ("Échec de la connexion : %s\n" . mysqli_connect_error());
exit();
}
$db_selected = mysqli_select_db($connect,"ramsa");
if (!$db_selected)
{
die ("Can\'t use this databse : " . mysqli_error());
}
$testData = Array(); //fill this with a false data set for each column of data
$testInput = "'".implode("','",$testData)."'";
$query = " INSERT INTO `reservoir` (`CodeReservoir`, `NomReservoir`, `AdresseReservoir`, `Latitude`, `Longtitude`, `Capacite`, `CodeRadial`, `Type`, `PseudoType`, `Alimentation`)
VALUES ($testInput)";
echo $query."<br/>"; //so that you can run it directly in the server using PHPMyAdmin or MySQL Workbench or similar application
mysqli_query($connect,$query);
echo mysqli_error($connect);
mysqli_close($connect);
?>