Php 不更新SQL数据库
出于某种原因,我的代码没有更新mySQL数据库,但没有报告任何错误 register.php(表单)Php 不更新SQL数据库,php,html,mysql,sql,Php,Html,Mysql,Sql,出于某种原因,我的代码没有更新mySQL数据库,但没有报告任何错误 register.php(表单) 团队名称*: 团队区域*: 组长*: 小组成员: action.php <?php $con=mysqli_connect("192.185.#.###","########_reg","#######","#########"); if (mysqli_connect_errno()) {echo "Failed to connect to M
团队名称*:
团队区域*:
组长*:
小组成员:
<?php
$con=mysqli_connect("192.185.#.###","########_reg","#######","#########");
if (mysqli_connect_errno()) {echo "Failed to connect to MySQL: " . mysqli_connect_error();}
$action = $_GET['do'];
if($action=="register") {
$teamname = $_POST["teamname"];
$teamregion = $_POST["teamregion"];
$teamleader = $_POST["teamleader"];
$teammembers = $_POST["teammembers"];
$result = mysqli_query($con, "INSERT INTO teams (teamname, region, teamleader, teammembers, wins, loses)
VALUES (" . $teamname . "," . $teamregion . "," . $teamleader . "," . $teammembers . ",0,0);");
}
?>
$con = new mysqli('localhost', 'root', '', 'dachi');
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
if (isset($_GET['do']) && $_GET['do'] === "register") {
$teamname = $_POST["teamname"];
$teamregion = $_POST["teamregion"];
$teamleader = $_POST["teamleader"];
$teammembers = $_POST["teammembers"];
$wins = 0;
$loses = 0;
$stmt = $con->prepare("INSERT INTO `teams` (`teamname`,`region`,`teamleader`,`teammembers`,`wins`,`loses`) VALUES (?,?,?,?,?,?)");
$stmt->bind_param('ssssii', $teamname, $teamregion, $teamleader, $teammembers, $wins, $loses);
$stmt->execute();
$stmt->close();
}
<form class="register_form" action="action.php?do=register" method="post">
Team Name*: <input type="text" name="teamname" required />
Team Region*: <input type="text" name="teamregion" maxlength="4" required />
Team Leader*: <input type="text" name="teamleader" maxlength="16" required />
Team Members: <input type="text" name="teammembers" />
<input name="register_submit" type="submit" value="Register" />
</form>
$action = $_GET['do'];
if($action=="register") {
并更改
$action=$\u GET['do']至$action=$\u POST['register\u submit']这是一个工作示例,其中包含准备好的语句,这些语句“更适合”一般使用,而不是query
action.php
<?php
$con=mysqli_connect("192.185.#.###","########_reg","#######","#########");
if (mysqli_connect_errno()) {echo "Failed to connect to MySQL: " . mysqli_connect_error();}
$action = $_GET['do'];
if($action=="register") {
$teamname = $_POST["teamname"];
$teamregion = $_POST["teamregion"];
$teamleader = $_POST["teamleader"];
$teammembers = $_POST["teammembers"];
$result = mysqli_query($con, "INSERT INTO teams (teamname, region, teamleader, teammembers, wins, loses)
VALUES (" . $teamname . "," . $teamregion . "," . $teamleader . "," . $teammembers . ",0,0);");
}
?>
$con = new mysqli('localhost', 'root', '', 'dachi');
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
if (isset($_GET['do']) && $_GET['do'] === "register") {
$teamname = $_POST["teamname"];
$teamregion = $_POST["teamregion"];
$teamleader = $_POST["teamleader"];
$teammembers = $_POST["teammembers"];
$wins = 0;
$loses = 0;
$stmt = $con->prepare("INSERT INTO `teams` (`teamname`,`region`,`teamleader`,`teammembers`,`wins`,`loses`) VALUES (?,?,?,?,?,?)");
$stmt->bind_param('ssssii', $teamname, $teamregion, $teamleader, $teammembers, $wins, $loses);
$stmt->execute();
$stmt->close();
}
<form class="register_form" action="action.php?do=register" method="post">
Team Name*: <input type="text" name="teamname" required />
Team Region*: <input type="text" name="teamregion" maxlength="4" required />
Team Leader*: <input type="text" name="teamleader" maxlength="16" required />
Team Members: <input type="text" name="teammembers" />
<input name="register_submit" type="submit" value="Register" />
</form>
$action = $_GET['do'];
register.php
<?php
$con=mysqli_connect("192.185.#.###","########_reg","#######","#########");
if (mysqli_connect_errno()) {echo "Failed to connect to MySQL: " . mysqli_connect_error();}
$action = $_GET['do'];
if($action=="register") {
$teamname = $_POST["teamname"];
$teamregion = $_POST["teamregion"];
$teamleader = $_POST["teamleader"];
$teammembers = $_POST["teammembers"];
$result = mysqli_query($con, "INSERT INTO teams (teamname, region, teamleader, teammembers, wins, loses)
VALUES (" . $teamname . "," . $teamregion . "," . $teamleader . "," . $teammembers . ",0,0);");
}
?>
$con = new mysqli('localhost', 'root', '', 'dachi');
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
if (isset($_GET['do']) && $_GET['do'] === "register") {
$teamname = $_POST["teamname"];
$teamregion = $_POST["teamregion"];
$teamleader = $_POST["teamleader"];
$teammembers = $_POST["teammembers"];
$wins = 0;
$loses = 0;
$stmt = $con->prepare("INSERT INTO `teams` (`teamname`,`region`,`teamleader`,`teammembers`,`wins`,`loses`) VALUES (?,?,?,?,?,?)");
$stmt->bind_param('ssssii', $teamname, $teamregion, $teamleader, $teammembers, $wins, $loses);
$stmt->execute();
$stmt->close();
}
<form class="register_form" action="action.php?do=register" method="post">
Team Name*: <input type="text" name="teamname" required />
Team Region*: <input type="text" name="teamregion" maxlength="4" required />
Team Leader*: <input type="text" name="teamleader" maxlength="16" required />
Team Members: <input type="text" name="teammembers" />
<input name="register_submit" type="submit" value="Register" />
</form>
$action = $_GET['do'];
团队名称*:
团队区域*:
组长*:
小组成员:
register.php(表单)
不,但是,请使用准备好的语句!顺便说一句,mysqli已经准备好了语句,请使用它们。另外,这里的代码似乎容易受到sql注入的攻击。使用内联sql时,需要确保用户不能输入与sql语句混淆的值,从而导致服务器执行恶意更新、插入和其他命令。除非使用准备好的语句/绑定变量,否则需要在sql语句中转义并将字符串值括在引号中。。。。道德,使用约束variables@Mihai:您所说的准备语句是什么意思?但它正在检查action.php上设置为“register”的“do”?您应该能够获得它