Fatal编程技术网
  • php/
  • Php 将表单数据写入SQL数据库

Php 将表单数据写入SQL数据库

php sql

Php 将表单数据写入SQL数据库,php,sql,Php,Sql,我总是出人意料;。我想不出是什么问题。如果有人有任何建议,我将不胜感激 send_post.php <?php //Create connect $connect = mysqli_connect("localhost","tasks","tasks15!","tasks"); //Sending form data to sql db. mysqli_query ($connect,"INSERT INTO tasks (CompanyName, ContactName, Addres

我总是出人意料;。我想不出是什么问题。如果有人有任何建议,我将不胜感激

send_post.php

<?php
//Create connect
$connect = mysqli_connect("localhost","tasks","tasks15!","tasks");
//Sending form data to sql db.
mysqli_query ($connect,"INSERT INTO tasks (CompanyName, ContactName,  Address1, Address2, City, State, Zip, Phone1, Phone2, Fax1)
VALUES ('$_POST[tasks_CompanyName]', '$_POST[tasks_ContactName]',     '$_POST[tasks_Address1]', '$_POST[tasks_Address2]' ,'$_POST[tasks_City]','$_POST[tasks_State],'$_POST[tasks_Zip]', '$_POST[tasks_Phone1]','$_POST[tasks_Phone2]','$_POST[tasks_Fax1]');"

?>
index.html

<form action="send_post.php" method="post">
<h1>Customer Information</h1>

<h3>Company Name</h3> <input type="text" name="tasks_CompanyName"> <br>
<h2>Customer Name</h2><h3>First Name</h3> <input type="text" name="tasks_fname"><br>
<h3> Last Name</h3><input type="text" name="tasks_lname"><br>
<h3> Address 1 </h3>  <input type="text" name="tasks_Address1"><br>

<h3> Address 2</h3>   <input type="text" name="tasks_Address2"><br>

<h3>City</h3><input type="text" name="tasks_City"><br>

<h3>State</h3> <input type="text" name="tasks_State"><br>

<h3>Zip</h3>    <input type="text" name="tasks_Zip"><br>

<h3>Phone 1</h3><input type="text" name="tasks_Phone1"><br>

<h3>Phone 2</h3> <input type="text" name="tasks_Phone2"><br>

<h3>Fax 1</h3>     <input type="text" name="tasks_Fax1"><br>


<input type="submit">
</form>
这一行有一些错误。 $\u POST是一个数组,因此必须使用键的名称访问该值,例如$\u POST[tasks\u Address1]而不是$\u POST[tasks\u Address1]

在这行末尾的引号内还有分号:“$\u POST[tasks\u Fax1]”;。您需要在外部加上分号:“$\u POST[tasks\u Fax1]”

您的SQL还可能受到SQL注入的影响。阅读一些参考资料,例如如何使代码免受恶意输入的影响。

您可以尝试添加;在mysqli_查询行的末尾缺少

send_post.php:5

<?php
mysqli_query ($connect,"INSERT INTO tasks
  (CompanyName, ContactName, Address1, 
   Address2, City, State, Zip, Phone1,
   Phone2, Fax1)
VALUES
  ('$_POST[tasks_CompanyName]', '$_POST[tasks_ContactName]',
   '$_POST[tasks_Address1]',    '$_POST[tasks_Address2]',
   '$_POST[tasks_City]',        '$_POST[tasks_State],
   '$_POST[tasks_Zip]',     '$_POST[tasks_Phone1]',   
   '$_POST[tasks_Phone2]',  '$_POST[tasks_Fax1]'
  );");
?>
请注意,在不进行验证的情况下记录POST数据是危险的,因为这可能会导致XSS和SQL注入攻击。

“$”POST[tasks\u Fax1];至“$”发布[任务传真1];;我认为结尾处的分号可以保留,因为它结束了sql语句,但是额外的分号应该放在php语句的末尾statement@flynorc你是对的;您可以在SQL语句的末尾有一个,但这不是必需的 
<?php
mysqli_query ($connect,"INSERT INTO tasks
  (CompanyName, ContactName, Address1, 
   Address2, City, State, Zip, Phone1,
   Phone2, Fax1)
VALUES
  ('$_POST[tasks_CompanyName]', '$_POST[tasks_ContactName]',
   '$_POST[tasks_Address1]',    '$_POST[tasks_Address2]',
   '$_POST[tasks_City]',        '$_POST[tasks_State],
   '$_POST[tasks_Zip]',     '$_POST[tasks_Phone1]',   
   '$_POST[tasks_Phone2]',  '$_POST[tasks_Fax1]'
  );");
?>