PHP无法通过表单创建mySQL记录
我一直在使用来自不同站点(包括这个站点)的信息设置我的第一个表单/PHP/mySQL组合,并在本地服务器上使用MAMP运行它。尽管该网页始终成功连接到目标数据库,但它尚未将我键入的数据输入MySQL表(我正在使用phpMyAdmin进行检查) 您可能会看到从PHP无法通过表单创建mySQL记录,php,mysql,forms,Php,Mysql,Forms,我一直在使用来自不同站点(包括这个站点)的信息设置我的第一个表单/PHP/mySQL组合,并在本地服务器上使用MAMP运行它。尽管该网页始终成功连接到目标数据库,但它尚未将我键入的数据输入MySQL表(我正在使用phpMyAdmin进行检查) 您可能会看到从insert.php中注释出的一些内容,这是我以前尝试过但不起作用的内容 表单位于index.php <form action="insert.php" method="post"> Diet Name: <
insert.phpindex.php<form action="insert.php" method="post">
Diet Name: <input type="text" name="name"><br/>
Your Rating: <select type="int" name="rating">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select><br/>
Type: BodyBuilding<input type="radio" name="type" value="BodyBuilding"> Weight Loss<input type="radio" name="type" value="Weight Loss"><br/>
Description: <input type="text" name="descr"><br/>
<input type="submit">
您需要使用
mysql\u querymysqli\u query$sql $sql="INSERT INTO diet (name, rating, type, descr)
VALUES('$_POST[name]','$_POST[rating]','$_POST[type],'$_POST[descr]')";
mysql_query($sql, $link)
$name=htmlentities($_POST['name'], ENT_QUOTES);
$rating=htmlentities($_POST['rating'], ENT_QUOTES);
$type=htmlentities($_POST['type'], ENT_QUOTES);
$descr=htmlentities($_POST['descr'], ENT_QUOTES);
sql=mysql_query("INSERT INTO diet ('name', 'rating', 'type', 'descr') VALUES ('".$name."','".$rating."','".$type."','".$descr."'");
首先,您的
$sqlecho mysql_error();
您还可以登录phpMyAdmin并尝试将sql手册放入其中(以查找sql语法中的错误)。您应该使用mysqli而不是mysql。如果将其用于参数化查询,效果会更好。 这将自动防止sql注入
define('DB_NAME', 'diet');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // open connection
if ($mysqli->connect_error) { // check if connection opened correctly
die('Connect Error (' . $mysqli->connect_errno . ') '
. $mysqli->connect_error);
}
// get $_POST vars
$name = $_POST[name];
$rating = $_POST[rating];
$type = $_POST[type];
$desc = $_POST[descr];
$sql="INSERT INTO diet (name, rating, type, descr) VALUES(?,?,?,?)"; // create sql query string
$stmt = $mysqli->stmt_init(); // initialize sqli statement
if ($stmt->prepare($sql)) { // prepare sqli statement
$stmt->bind_params("ssss", $name, $rating, $type, $desc); // bind values to the 4 '?', also stating that each is a string ("ssss")
$stmt->execute(); // execute statement
$stmt->close(); // close statement
}
$mysqli->close(); // close connection
下面是一个PDO示例。我不知道
Now()
$dbhost = 'YOUR_SERVER';
$dbuser = 'YOUR_USERNAME';
$dbpass = 'YOUR_PASSWORD';
$dbname = 'YOUR_DATABASE_NAME';
try {
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
}
catch(PDOException $e) {
echo $e->getMessage();
}
$name = $_POST[name];
$rating = $_POST[rating];
$type = $_POST[type];
$desc = $_POST[descr];
if ($conn)
{
$query = "INSERT INTO diet (name, rating, type, descr) VALUES(:name, :rating, :type, :desc)";
$insert = $conn->prepare($query);
$insert->bindValue(":name",$name);
$insert->bindValue(":rating",$rating);
$insert->bindValue(":type",$type);
$insert->bindValue(":desc",$desc);
$insert->execute();
}
/* Free connection resources. */
$conn = null;
文件:
您似乎试图在4行中插入5个值。您的POST数据在哪里?现在我看不到它了。此查询中有5-6个以上的错误。更不用说OP正在使用陈旧、过时和易受攻击的mysql_uuu函数作为PDO提示(顺便说一句jk:)不幸的是,您存在一些sql注入漏洞。我建议您使用准备好的语句,但这是为了让作者能够让代码正常工作。mysql\u real\u escape\u string
也可以使用OP有可用的PDO。尝试了所有其他解决方案,这是唯一添加了行的解决方案!我已经安装了PDO,从现在起将继续使用它。:)
echo mysql_error();
define('DB_NAME', 'diet');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // open connection
if ($mysqli->connect_error) { // check if connection opened correctly
die('Connect Error (' . $mysqli->connect_errno . ') '
. $mysqli->connect_error);
}
// get $_POST vars
$name = $_POST[name];
$rating = $_POST[rating];
$type = $_POST[type];
$desc = $_POST[descr];
$sql="INSERT INTO diet (name, rating, type, descr) VALUES(?,?,?,?)"; // create sql query string
$stmt = $mysqli->stmt_init(); // initialize sqli statement
if ($stmt->prepare($sql)) { // prepare sqli statement
$stmt->bind_params("ssss", $name, $rating, $type, $desc); // bind values to the 4 '?', also stating that each is a string ("ssss")
$stmt->execute(); // execute statement
$stmt->close(); // close statement
}
$mysqli->close(); // close connection
$dbhost = 'YOUR_SERVER';
$dbuser = 'YOUR_USERNAME';
$dbpass = 'YOUR_PASSWORD';
$dbname = 'YOUR_DATABASE_NAME';
try {
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
}
catch(PDOException $e) {
echo $e->getMessage();
}
$name = $_POST[name];
$rating = $_POST[rating];
$type = $_POST[type];
$desc = $_POST[descr];
if ($conn)
{
$query = "INSERT INTO diet (name, rating, type, descr) VALUES(:name, :rating, :type, :desc)";
$insert = $conn->prepare($query);
$insert->bindValue(":name",$name);
$insert->bindValue(":rating",$rating);
$insert->bindValue(":type",$type);
$insert->bindValue(":desc",$desc);
$insert->execute();
}
/* Free connection resources. */
$conn = null;