Php 通过html表单向mysql数据库添加数据
我是php新手,我试图在我的html表单和数据库之间创建一个链接,但它不起作用。请帮帮我。谢谢Php 通过html表单向mysql数据库添加数据,php,Php,我是php新手,我试图在我的html表单和数据库之间创建一个链接,但它不起作用。请帮帮我。谢谢 我在同一页上有html标签和php代码,我已经正确安装了mysql并创建了我的数据库,但它仍然是链接。好吧,就像评论中提到的人一样;什么是不起作用的? 我还建议您使用mySQLi而不是mySQL 关于如何制作插入表的表单的示例 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/h
我在同一页上有html标签和php代码,我已经正确安装了mysql并创建了我的数据库,但它仍然是链接。好吧,就像评论中提到的人一样;什么是不起作用的? 我还建议您使用mySQLi而不是mySQL 关于如何制作插入表的表单的示例
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel = "stylesheet" href = "css/mystyle.css" type = "text/css/">
<title> APPOINTMENT FORMS </title>
</head>
<body>
<form method="post" action="<?php $_PHP_SELF ?>">
<p> <?php if(isset($_REQUEST['message'])) echo $_REQUEST['message'] ?> </p>
<table width = '50%' border = '0' cell spacing = '0' cell padding = '2'>
<tr>
<td align = 'right' style='padding:10px'>EM_ID: </td>
<td> <input type = 'text' name = 'em_id' placeholder = 'Enter your ID here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Appointment Type: </td>
<td><input type = 'text' name = 'appointment_type' placeholder = 'Enter either part time/full time here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Appointment Category: </td>
<td><input type = 'text' name = 'appointment_category' placeholder = 'Enter either Academic/Non-Academic here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Date of Appointment: </td>
<td><input type = 'text' name = 'date_of_appointment' placeholder = 'Enter yy/mm/dd here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style='padding:10px'> Date of Confirmation: </td>
<td><input type = 'text' name = 'date_of_confirmation' placeholder = 'Enter date of confirmation of appointment here' size = '50'></td>
</tr>
<tr>
<td align = 'right' style = 'padding:20px'><input type = 'submit' value ='Submit'></td>
</tr>
</table>
</form>
<?php
if (isset($_POST['submit'])) {
$connect = mysql_connect('localhost','root','oluwaseun') or die ("Could not connect to the database");
mysql_select_db('school_of_science', $connect) or die ("Could not find the database");
$em_id = $_POST['em_id'];
$appointment_type = $_POST['appointment_type'];
$appointment_category= $_POST['appointment_category'];
$date_of_appointment = $_POST['date_of_appointment'];
$date_of_confirmation = $_POST['date_of_confirmation'];
mysql_query("INSERT into appointment (em_id,appointment_type,appointment_category,date_of_appointment,date_of_confirmation)
VALUES('$em_id','$appointment_type','$appointment_category','$date_of_appointment','$date_of_confirmation')") or die(mysql_error());
$message = "Your data has been entered successfully";
header("location:practice.php? message=$message");
}
?>
</body>
</html>
正如其他人所说;你应该熟悉如何防止SQL注入。我猜你也吃了问题标题中的字母M,但它不起作用太模糊了,你能更准确地说什么不起作用吗?通过使用外部变量构建SQL语句,你会让自己很容易受到SQL注入攻击。此外,任何带有单引号的输入数据,如O'Malley的名字,都会破坏您的SQL查询。请了解如何使用参数化查询(最好是PDO模块)来保护您的web应用程序。有很多例子可以帮助您入门,并且有很多详细的例子。我谦虚地建议您熟悉mysql\u real\u escape\u string;。mysqli可以在一个查询中执行多个语句,您的代码看起来并不比OP的代码好,它看起来更糟。md5没有盐,mysqli直接传递变量,这一切仍然是混乱和更少的secure@DanFromGermany-我只是向他展示了如何将数据从表单传递到数据库,因为他就是这么问的。你向他展示的方式是错误的。看看我的答案,我们在这里讨论了如何以良好的方式使用mysqli:
<form action='index.php?a=register' method='post'> <!-- You can use if(isset($_POST['submit'])) as well, but I prefer ?a(ction)= :) -->
Username: <input type='text' name='username /> Password: <input type='password' name='password' />
<input type='submit' value='Register' />
</form>
<?php
$db = mysqli_connect("server_name", "user", "password", "database") or die (mysqli_error());
if($_GET['a']=='register')
{
$username = $_REQUEST['username']; // Can also use $_POST
$password = md5($_REQUEST['password']); // Same here ^.
mysqli_query($db, "INSERT INTO users(username, password) VALUES('$username', '$password')");
}
?>