Fatal编程技术网
  • php/
  • HTML表单未通过php向我的数据库提交数据

HTML表单未通过php向我的数据库提交数据

php html mysql database

HTML表单未通过php向我的数据库提交数据,php,html,mysql,database,Php,Html,Mysql,Database,我需要帮助获取我的HTML表单以将数据提交到我的数据库(mysql)。数据库连接良好,但似乎无法将数据连接到数据库中。我使用Notepad++作为我的文本编辑器和测试工具。这是为一个项目提前在课堂上,我需要了解如何做到这一点 HTML @这里是Donald和一个类似的例子。这肯定会对你有帮助 祝你的项目好运 HTML代码: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8">

我需要帮助获取我的HTML表单以将数据提交到我的数据库(mysql)。数据库连接良好,但似乎无法将数据连接到数据库中。我使用Notepad++作为我的文本编辑器和测试工具。这是为一个项目提前在课堂上,我需要了解如何做到这一点

HTML

@这里是Donald和一个类似的例子。这肯定会对你有帮助

祝你的项目好运

HTML代码:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Add Record Form</title>
</head>
<body>
<form action="insertrecords.php" method="post">
    <p>
        <label for="FirstName">First Name:</label>
        <input type="text" name="firstname" id="FirstName">
    </p>
    <p>
        <label for="LastName">Last Name:</label>
        <input type="text" name="lastname" id="LastName">
    </p>
    <p>
        <label for="Email">Email:</label>
        <input type="text" name="email" id="Email">
    </p>
    </p>
    <input class="submit" name="submit" type="submit" value="Insert">
</form>
</body>
</html>
请尝试编写代码。请随意提问

您的脚本可能会出错。看看发生了什么事。即使改用。会发生什么?它是给你一个错误,还是说“Records inserted successfully.”而没有将其添加到数据库中?我明白,现在我只是想学习如何制作一个简单的表单,将数据插入数据库中。请一步一个脚印。当我在本地主机上测试它时,它不会返回任何错误或任何东西。当我使用php而不是html手动输入值进行测试时,它成功地插入了数据。这只是一个用于数据库管理的图形用户界面(有点笨拙)。@没必要,我知道得很清楚,先看这个问题。他是新来的,正在做班级作业。他需要了解php和mysqli的基本知识,然后才能学习mysqli prepare语句。不要不必要地写文章,先看问题。如果我不擅长基本的sql和php,那么他会学到什么sql注入呢。我的帖子我的答案是right@Strawberry我已经更新了Answare并修复了
sql注入
至少现在删除了否决票。回答是正确的,如果你不这样做,未来的访问者会认为这是错误的,很少有人会再次投反对票。非常感谢您投票支持我的Answare,我对我所说的一切表示歉意 
<?php
$link = mysqli_connect("localhost", "root", "", "student_request");

if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

if(isset($_POST['submit'])){ 
    $techid = $_POST['techid'];
    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $phone = $_POST['phone'];
    $email = $_POST['email'];
    $state = $_POST['state'];
    $address = $_POST['address'];
    $zipcode = $_POST['zipcode'];
    $date = $_POST['date'];
    $course = $_POST['course'];
    $request = $_POST['request'];

    $sql = "INSERT INTO student (TECH_ID, FIRST_NAME, LAST_NAME, PHONE_NUM, EMAIL, STATE, ADDRESS, ZIPCODE, DATE, COURSE, REQUEST_TYPE) VALUES ('$techid','$firstname','$lastname','$phone','$email','$state','$address','$zipcode','$date','$course','$request')";
    if(mysqli_query($link, $sql)) {
        echo "Records inserted successfully.";
    } else {
        echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
    }
}
mysqli_close($link);
?>

CREATE TABLE `student` (
  `REQUEST_ID` int(255) NOT NULL,
  `TECH_ID` int(11) NOT NULL,
  `FIRST_NAME` varchar(255) NOT NULL,
  `LAST_NAME` varchar(255) NOT NULL,
  `PHONE_NUM` varchar(255) NOT NULL,
  `EMAIL` varchar(255) NOT NULL,
  `STATE` varchar(255) NOT NULL,
  `ADDRESS` varchar(255) NOT NULL,
  `ZIPCODE` varchar(255) NOT NULL,
  `DATE` date NOT NULL,
  `COURSE` varchar(255) NOT NULL,
  `REQUEST_TYPE` text NOT NULL
)

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Add Record Form</title>
</head>
<body>
<form action="insertrecords.php" method="post">
    <p>
        <label for="FirstName">First Name:</label>
        <input type="text" name="firstname" id="FirstName">
    </p>
    <p>
        <label for="LastName">Last Name:</label>
        <input type="text" name="lastname" id="LastName">
    </p>
    <p>
        <label for="Email">Email:</label>
        <input type="text" name="email" id="Email">
    </p>
    </p>
    <input class="submit" name="submit" type="submit" value="Insert">
</form>
</body>
</html>

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "demo";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

if(isset($_POST['submit'])){

    //USE MYSQLI_REAL_ESCAPE_STRING() TO ESCAPE SINGLE QUOTES 
    // AND AGAINST SQL INJECTION      
    $firstname = mysqli_real_escape_string($conn, $_POST['firstname']);
    $lastname = mysqli_real_escape_string($conn, $_POST['lastname']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);


    $sql = "INSERT INTO MyGuests (firstname, lastname, email)
    VALUES ('$firstname', '$lastname', '$email')";

    if (mysqli_query($conn, $sql)) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . mysqli_error($conn);
    }

    mysqli_close($conn);    
}
?>

<?php    
$sql = $conn->stmt_init();

    $query = "INSERT INTO MyGuests (firstname, lastname, email)
    VALUES (?,?,?)";

    if($sql->prepare($query)){
        $sql->bind_param('sss',$firstname,$lastname,$email);

        $sql->execute();

        echo "New record successfully inserted";
    }
    else
    {
        echo "Error inserting the record".$conn->error;
    }
?>