PHP: HTML form to SQL table


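I created a form page named "employee.php" that takes in user data. I also have another file named SQLConnectionProcess.php, which contains the code that links the form in employee.php to the SQL table. The name of the database is "employee information" and the name of the table is "employee info". I am using phpmyadmin and XAMPP for local server testing.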

employee.php code:

<html>
<body>

<form name="EmployeeDatabase" action="SQLConnectionProcess.php" method="post">

<link rel="stylesheet" href="css.css">

<h1>EMPLOYEE DATABASE</h1>

Employe Card NO: <input type="text" name="cardNO" ><br><br>
Employee NO: <input type="text" name="employeeNO" ><br><br>
Employee Name: <input type="text" name="employeename"><br><br>
Nationality: <input type="text" name="nationality"><br><br>
Profession: <input type="text" name="profession"><br><br>
DOB: <input type="text" name="DOB"><br><br>
DOJ: <input type="text" name="DOJ"><br><br>
DOA(VisitVisa): <input type="text" name="DOA"><br><br>
Company Code: <input type="text" name="companycode"><br><br>
Sponsor Code: <input type="text" name="sponsorcode"><br><br>
Visa Type: <input type="text" name="visatype"><br><br>
Status: <input type="text" name="status"><br><br>

<input type="submit" name="formSubmit" value="Submit">

</form>

</body>
</html>

SQLConnectionProcess.php code:

  <?php
if(isset($_POST['formSubmit'])){
  $cardNO= isset($_POST['cardNO']) ? $_POST['cardNO'] : 0;
  $employeeNO= isset($_POST['employeeNO']) ? $_POST['employeeNO'] : 0;
  $employeename= isset($_POST['employeename']) ? $_POST['employeename'] : "";
  $nationality= isset($_POST['nationality']) ? $_POST['nationality'] : "";
  $profession= isset($_POST['profession']) ? $_POST['profession'] : "";
  $DOB= isset($_POST['DOB']) ? $_POST['DOB'] : "";
  $DOJ= isset($_POST['DOJ']) ? $_POST['DOJ'] : "";
  $DOA= isset($_POST['DOA']) ? $_POST['DOA'] : "";
  $companycode = isset($_POST['companycode']) ? $_POST['companycode'] : 0;
  $sponsorcode= isset($_POST['sponsorcode']) ? $_POST['sponsorcode'] : 0;
  $visatype= isset($_POST['visatype']) ? $_POST['visatype'] : "";
  $status= isset($_POST['status']) ? $_POST['status'] : "";
  $con = mysqli_connect('localhost','root','','employee information');
  $sql = sprintf("INSERT INTO table_employee info(Employee Card NO,Employee NO,Employee Name,Nationality,Profession,DOB,DOJ,DOA(VisitVisa),Company Code,Sponsor Code,Visa Type,Status) VALUES ('','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')",$cardNO,$employeeNO,$employeename,$nationality,$profession,$DOB,$DOJ,$DOA,$companycode,$sponsorcode,$visatype,$status);
  mysqli_query($con,$sql);
}
?>
Use isset() to prevent the above errors

<?php
if(isset($_POST['formSubmit'])){
  $cardNO= isset($_POST['cardNO']) ? $_POST['cardNO'] : 0;
  $employeeNO= isset($_POST['employeeNO']) ? $_POST['employeeNO'] : 0;
  $employeename= isset($_POST['employeename']) ? $_POST['employeename'] : "";
  $nationality= isset($_POST['nationality']) ? $_POST['nationality'] : "";
  $profession= isset($_POST['profession']) ? $_POST['profession'] : "";
  $DOB= isset($_POST['DOB']) ? $_POST['DOB'] : "";
  $DOJ= isset($_POST['DOJ']) ? $_POST['DOJ'] : "";
  $DOA= isset($_POST['DOA']) ? $_POST['DOA'] : "";
  $companycode = isset($_POST['companycode']) ? $_POST['companycode'] : 0;
  $sponsorcode= isset($_POST['sponsorcode']) ? $_POST['sponsorcode'] : 0;
  $visatype= isset($_POST['visatype']) ? $_POST['visatype'] : "";
  $status= isset($_POST['status']) ? $_POST['status'] : "";
  $con = mysqli_connect('localhost','root','','employee information');
  // 12 columns and 12 values; `DOA(VisitVisa)` needs backticks because of the parentheses.
  // Note: sprintf() does no escaping, so the values reach the SQL text exactly as submitted.
  $sql = sprintf("INSERT INTO employee_info (EmployeeCardNO,EmployeeNO,EmployeeName,Nationality,Profession,DOB,DOJ,`DOA(VisitVisa)`,CompanyCode,SponsorCode,VisaType,Status) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')",$cardNO,$employeeNO,$employeename,$nationality,$profession,$DOB,$DOJ,$DOA,$companycode,$sponsorcode,$visatype,$status);
  mysqli_query($con,$sql);
}
?>

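Don't rely on the data you expect from the client. First make sure that all the data you read from the $_POST array is set. If a value is not important, you can choose a default value. You can simplify this with a short function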

function get(&$var, $default = null)
{
  return isset($var) ? $var : $default;
}

$cardNO = get($_POST['cardNO'], 0);
If a required input is missing, you must inform the user

Then never mix strings from an insecure source (e.g. the client) into an SQL statement. Use prepared statements

$query_string = 'INSERT INTO `tablename` (`fieldname1`, `fieldname2`) VALUES (?,?);';
if ($statement = $mysqli_connection->prepare($query_string))
{
  // bind_param() takes all parameters in a single call: one type letter per placeholder
  $statement->bind_param('ss', $variable1, $variable2);
  $statement->execute();
  // fetch the result...
}
For more information, see

The options on connect should turn off emulated prepared statements, because otherwise encoding attacks are still possible

If you need to access a database whose identifiers contain whitespace, you can enclose them in backticks:

SELECT * FROM `table name with whitespaces`;
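
The two points of the answer above (check the input, then bind it) applied to the question's form, as an added example that is not code from any poster. The table name `employee info` and the column names are assumed to be those in the question's INSERT statement, and the connection settings are the ones the question uses.

```php
<?php
// Form field name => column name. Column and table names are assumed to be
// the ones in the question's INSERT statement; adjust to the real schema.
const FIELDS = [
    'cardNO'       => 'Employee Card NO',
    'employeeNO'   => 'Employee NO',
    'employeename' => 'Employee Name',
    'nationality'  => 'Nationality',
    'profession'   => 'Profession',
    'DOB'          => 'DOB',
    'DOJ'          => 'DOJ',
    'DOA'          => 'DOA(VisitVisa)',
    'companycode'  => 'Company Code',
    'sponsorcode'  => 'Sponsor Code',
    'visatype'     => 'Visa Type',
    'status'       => 'Status',
];

// Names of form fields that are absent, not plain strings, or blank.
function missing_fields(array $post): array
{
    return array_values(array_filter(array_keys(FIELDS),
        fn($f) => !isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === ''));
}

// Inserts one row; request data only ever travels as bound parameters.
function insert_employee(mysqli $con, array $post): int
{
    // Identifiers come from the fixed FIELDS map, never from the request.
    $columns = implode(', ', array_map(fn($c) => "`$c`", FIELDS));
    $marks   = implode(', ', array_fill(0, count(FIELDS), '?'));
    $stmt    = $con->prepare("INSERT INTO `employee info` ($columns) VALUES ($marks)");
    $values  = array_map(fn($f) => $post[$f], array_keys(FIELDS));
    $stmt->bind_param(str_repeat('s', count($values)), ...$values); // one call, all 12
    $stmt->execute();
    return $stmt->affected_rows;
}

if (isset($_POST['formSubmit'])) {
    if ($missing = missing_fields($_POST)) {
        http_response_code(400);
        exit('Missing or empty fields: ' . implode(', ', $missing));
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
    $con = new mysqli('localhost', 'root', '', 'employee information');
    $con->set_charset('utf8mb4');
    echo insert_employee($con, $_POST) . ' row inserted';
}
```

A blank page after submitting no longer leaves the outcome open: the script prints the affected-row count, and a failed query raises a `mysqli_sql_exception` instead of passing silently.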

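Did you enter data for employeeNO & sponsorcode?

Yes, submit the form by entering all the data; if received, do the validation on the client side. Secondly, try to debug the problem and use var_dump($_POST); exit; to see what is in the post request.

I tried entering data in all the form fields. The same error still persists… Please look at my edited code again. I now just get a white screen.

Yes, because there isn't any echo in your code. Please check whether your query data gets inserted.

Thank you. I used the code above. No more errors. Just a blank page. Does that mean it works? I am still learning to use phpmyadmin, so I don't yet know whether the database is receiving the input from the form. My table name is "employee info" and the database name is "employee information". Should I be worried about the "table_employee info" we used in the code? What does the table do? In my code, is it syntax or the table name?

Give the table the name employee_info and remove the spaces from all column names.

After making the changes in phpmyadmin, I edited the sprintf line and used it.

@Gotham we need to use isset() to prevent the above error; it will check whether the data exists in the post, and if it does not, it will be set to null or 0.

@桑泽巴亚尔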