mysql表未使用php mysqli从表单接收数据
我无法将数据插入表中,但它会显示相同的空白表单。我知道很多人以前都会贴出这样的问题,但我试着寻找答案,但没有成功。这是最后的选择。所以请帮我解决我的问题。下面是php和html5代码。看一下。多谢各位mysql表未使用php mysqli从表单接收数据,php,mysql,mysqli,Php,Mysql,Mysqli,我无法将数据插入表中,但它会显示相同的空白表单。我知道很多人以前都会贴出这样的问题,但我试着寻找答案,但没有成功。这是最后的选择。所以请帮我解决我的问题。下面是php和html5代码。看一下。多谢各位 <?php include_once("connection.php"); set_time_limit (1800); $msg = ""; if(isset($_POST["submit"])) { $first_name = $_POST["first_name"];
<?php
include_once("connection.php");
set_time_limit (1800);
$msg = "";
if(isset($_POST["submit"]))
{
$first_name = $_POST["first_name"];
$middle_name = $_POST["middle_name"];
$last_name = $_POST["last_name"];
$licence_no = $_POST["licence"];
$qualification = $_POST["qualification"];
$adress1 = $_POST["adress1"];
$adress2 = $_POST["adress2"];
$city = $_POST["city"];
$state = $_POST["state"];
$zipcode = $_POST["zipcode"];
$phone = $_POST["phone"];
$specialization = $_POST["specialization"];
$consultation_fee = $_POST["consultation_fee"];
$experience = $_POST["experience"];
$timings = $_POST["timings"];
//To avoid Mysql injections
$first_name = mysqli_real_escape_string($db, $first_name);
$middle_name = mysqli_real_escape_string($db, $middle_name);
$last_name = mysqli_real_escape_string($db, $last_name);
$licence_no = mysqli_real_escape_string($db, $licence_no);
$qualification = mysqli_real_escape_string($db, $qualification);
$adress1 = mysqli_real_escape_string($db, $adress1);
$adress2 = mysqli_real_escape_string($db, $adress2);
$city = mysqli_real_escape_string($db, $city);
$state = mysqli_real_escape_string($db, $state);
$zipcode = mysqli_real_escape_string($db, $zipcode);
$phone = mysqli_real_escape_string($db, $phone);
$specialization = mysqli_real_escape_string($db, $specialization);
$consultation_fee = mysqli_real_escape_string($db, $consultation_fee);
$experience = mysqli_real_escape_string($db, $experience);
$timings = mysqli_real_escape_string($db, $timings);
$query = mysqli_query($db,"INSERT INTO t_doctorprofile (first_name,
middle_name, last_name, licence, qualification, adress1, adress2,
city, state, zipcode, phone, email, specialization, consultation_fee,
experience, timings) VALUES ('$first_name','$middle_name', '$last_name',
'$licence_no','$qualification','$adress1','$adress2',
'$city','$state','$zipcode','$phone',
'$specialization','$consultation_fee','$experience','$timings')");
if($query)
{
$msg = "Thank You! you have updated your information.";
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Sign-Up</title>
</head>
<body id="body-color"> <div id="update"> <fieldset style="width:30%">
<legend>Update Your Information</legend> <table border="0">
<tr> <form method="POST" action="doctor_insert_updateprofile.php">
<td>First Name</td>
<td> <input type="text" name="first_name"></td> </tr>
<td>Middle Name</td>
<td> <input type="text" name="middle_name"></td> </tr>
<tr> <td>Last Name </td><td> <input type="text" name="last_name"></td>
</tr>
<tr> <td>Licence No: </td><td> <input type="text" name="licence"></td>
</tr>
<tr> <td>Qualification </td><td> <input type="text"
name="qualification"></td> </tr>
<tr> <td>Address1 </td><td> <input type="text" name="adress1"></td> </tr>
<tr> <td>Address2 </td><td> <input type="text" name="adress2"></td> </tr>
<tr> <td>City </td><td> <input type="text" name="city"></td> </tr>
<tr> <td>State </td><td> <input type="text" name="state"></td> </tr>
<tr> <td>ZIP </td><td> <input type="text" name="zipcode"></td> </tr>
<tr> <td>Phone</td><td> <input type="text" name="phone"></td> </tr>
<tr> <td>Specialization</td><td> <input type="text" name="specialization">
</td> </tr>
<tr> <td>Consultation Fee</td><td> <input type="text" name="consultation
fee"></td> </tr>
<tr> <td>Experience</td><td> <input type="text" name="experience"></td>
</tr>
<tr> <td>Timings</td><td> <input type="text" name="timings"></td> </tr>
<div style="color:red; font-family:sans-serif"><?php echo $msg;?></div>
<hr/>
<button type="submit" name="submit" class="btn btn-
success">Update</button>
<hr/>
</form>
</table>
</body>
</html>
试试这个
if(isset($_POST["submit"]))
{
//To avoid Mysql injections
$first_name = mysqli_real_escape_string($db, $_POST["first_name"]);
$middle_name = mysqli_real_escape_string($db, $_POST["middle_name"]);
$last_name = mysqli_real_escape_string($db, $_POST["last_name"]);
$licence_no = mysqli_real_escape_string($db, $_POST["licence"]);
$qualification = mysqli_real_escape_string($db, $_POST["qualification"]);
$adress1 = mysqli_real_escape_string($db, $_POST["adress1"]);
$adress2 = mysqli_real_escape_string($db, $_POST["adress2"]);
$city = mysqli_real_escape_string($db, $_POST["city"]);
$state = mysqli_real_escape_string($db, $_POST["state"]);
$zipcode = mysqli_real_escape_string($db, $_POST["zipcode"]);
$phone = mysqli_real_escape_string($db, $_POST["phone"]);
$specialization = mysqli_real_escape_string($db, $_POST["specialization"]);
$consultation_fee = mysqli_real_escape_string($db, $_POST["consultation_fee"]);
$experience = mysqli_real_escape_string($db, $_POST["experience"]);
$timings = mysqli_real_escape_string($db, $_POST["timings"]);
$query = "INSERT INTO t_doctorprofile (first_name,
middle_name, last_name, licence, qualification, adress1, adress2,
city, state, zipcode, phone, email, specialization, consultation_fee,
experience, timings)
VALUES ('$first_name','$middle_name', '$last_name',
'$licence_no','$qualification','$adress1','$adress2',
'$city','$state','$zipcode','$phone', '$email'
'$specialization','$consultation_fee','$experience','$timings')";
if (!mysqli_query($db,$query)) {
die('Error: ' . mysqli_error($db));
}
if($query){
echo 'Success';
}
有吗?列和值不相等!!我认为您的价值观中缺少电子邮件。请不要使用转义来确保安全。使用事先准备好的语句。您没有保护自己免受SQL注入的影响。看看@Saty,你也可以把它当作回答。谢谢Saty。你是对的。尽管这更清晰、更简短,但并不能解决他的问题。但仍然让他接受SQL注入。@Jeff什么是更清晰、更简短的方法???@Abdulla你分配值的方式比原始方法更清晰、更简短。不过,这并不能解决他的问题。@Jeff cz他仍然没有回答这个问题!!。你怎么知道它不起作用??你自己试过这个吗??
<?php
include_once("connection.php");
set_time_limit (1800);
$msg = "";
if(isset($_POST["submit"]))
{
$first_name = $_POST["first_name"];
$middle_name = $_POST["middle_name"];
$last_name = $_POST["last_name"];
$licence_no = $_POST["licence"];
$qualification = $_POST["qualification"];
$adress1 = $_POST["adress1"];
$adress2 = $_POST["adress2"];
$city = $_POST["city"];
$state = $_POST["state"];
$zipcode = $_POST["zipcode"];
$phone = $_POST["phone"];
$specialization = $_POST["specialization"];
$consultation_fee = $_POST["consultation_fee"];
$experience = $_POST["experience"];
$timings = $_POST["timings"];
//To avoid Mysql injections
$first_name = mysqli_real_escape_string($db, $first_name);
$middle_name = mysqli_real_escape_string($db, $middle_name);
$last_name = mysqli_real_escape_string($db, $last_name);
$licence_no = mysqli_real_escape_string($db, $licence_no);
$qualification = mysqli_real_escape_string($db, $qualification);
$adress1 = mysqli_real_escape_string($db, $adress1);
$adress2 = mysqli_real_escape_string($db, $adress2);
$city = mysqli_real_escape_string($db, $city);
$state = mysqli_real_escape_string($db, $state);
$zipcode = mysqli_real_escape_string($db, $zipcode);
$phone = mysqli_real_escape_string($db, $phone);
$specialization = mysqli_real_escape_string($db, $specialization);
$consultation_fee = mysqli_real_escape_string($db, $consultation_fee);
$experience = mysqli_real_escape_string($db, $experience);
$timings = mysqli_real_escape_string($db, $timings);
if (!mysqli_query($db,$query)) {
die('Error: ' . mysqli_error($db));
}
if($query){
echo 'Success';
}