PHP HTML form to SQL table
I created a form page named "employee.php" to receive user data. I also have another file named SQLConnectionProcess.php, which contains the code that links the form in employee.php to the SQL table. The database is named "employee information" and the table is named "employee info". I am using phpmyadmin and XAMPP for local server testing.
employee.php code:
<html>
<body>
<form name="EmployeeDatabase" action="SQLConnectionProcess.php" method="post">
<link rel="stylesheet" href="css.css">
<h1>EMPLOYEE DATABASE</h1>
Employe Card NO: <input type="text" name="cardNO" ><br><br>
Employee NO: <input type="text" name="employeeNO" ><br><br>
Employee Name: <input type="text" name="employeename"><br><br>
Nationality: <input type="text" name="nationality"><br><br>
Profession: <input type="text" name="profession"><br><br>
DOB: <input type="text" name="DOB"><br><br>
DOJ: <input type="text" name="DOJ"><br><br>
DOA(VisitVisa): <input type="text" name="DOA"><br><br>
Company Code: <input type="text" name="companycode"><br><br>
Sponsor Code: <input type="text" name="sponsorcode"><br><br>
Visa Type: <input type="text" name="visatype"><br><br>
Status: <input type="text" name="status"><br><br>
<input type="submit" name="formSubmit" value="Submit">
</form>
</body>
</html>
SQLConnectionProcess.php code:
<?php
if(isset($_POST['formSubmit'])){
$cardNO= isset($_POST['cardNO']) ? $_POST['cardNO'] : 0;
$employeeNO= isset($_POST['employeeNO']) ? $_POST['employeeNO'] : 0;
$employeename= isset($_POST['employeename']) ? $_POST['employeename'] : "";
$nationality= isset($_POST['nationality']) ? $_POST['nationality'] : "";
$profession= isset($_POST['profession']) ? $_POST['profession'] : "";
$DOB= isset($_POST['DOB']) ? $_POST['DOB'] : "";
$DOJ= isset($_POST['DOJ']) ? $_POST['DOJ'] : "";
$DOA= isset($_POST['DOA']) ? $_POST['DOA'] : "";
$companycode = isset($_POST['companycode']) ? $_POST['companycode'] : 0;
$sponsorcode= isset($_POST['sponsorcode']) ? $_POST['sponsorcode'] : 0;
$visatype= isset($_POST['visatype']) ? $_POST['visatype'] : "";
$status= isset($_POST['status']) ? $_POST['status'] : "";
$con = mysqli_connect('localhost','root','','employee information');
$sql = sprintf("INSERT INTO table_employee info(Employee Card NO,Employee NO,Employee Name,Nationality,Profession,DOB,DOJ,DOA(VisitVisa),Company Code,Sponsor Code,Visa Type,Status) VALUES ('','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')",$cardNO,$employeeNO,$employeename,$nationality,$profession,$DOB,$DOJ,$DOA,$companycode,$sponsorcode,$visatype,$status);
mysqli_query($con,$sql);
}
?>
Use isset() to prevent the above error.
<?php
if (isset($_POST['formSubmit'])) {
    // Read each field only if it was sent; otherwise fall back to a default.
    $cardNO = isset($_POST['cardNO']) ? $_POST['cardNO'] : 0;
    $employeeNO = isset($_POST['employeeNO']) ? $_POST['employeeNO'] : 0;
    $employeename = isset($_POST['employeename']) ? $_POST['employeename'] : "";
    $nationality = isset($_POST['nationality']) ? $_POST['nationality'] : "";
    $profession = isset($_POST['profession']) ? $_POST['profession'] : "";
    $DOB = isset($_POST['DOB']) ? $_POST['DOB'] : "";
    $DOJ = isset($_POST['DOJ']) ? $_POST['DOJ'] : "";
    $DOA = isset($_POST['DOA']) ? $_POST['DOA'] : "";
    $companycode = isset($_POST['companycode']) ? $_POST['companycode'] : 0;
    $sponsorcode = isset($_POST['sponsorcode']) ? $_POST['sponsorcode'] : 0;
    $visatype = isset($_POST['visatype']) ? $_POST['visatype'] : "";
    $status = isset($_POST['status']) ? $_POST['status'] : "";
    $con = mysqli_connect('localhost', 'root', '', 'employee information');
    // Twelve columns, twelve values. DOA(VisitVisa) needs backticks because of the parentheses.
    // sprintf() places the values into the SQL text exactly as they arrived from the form, without escaping.
    $sql = sprintf("INSERT INTO employee_info (EmployeeCardNO,EmployeeNO,EmployeeName,Nationality,Profession,DOB,DOJ,`DOA(VisitVisa)`,CompanyCode,SponsorCode,VisaType,Status) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", $cardNO, $employeeNO, $employeename, $nationality, $profession, $DOB, $DOJ, $DOA, $companycode, $sponsorcode, $visatype, $status);
    mysqli_query($con, $sql);
}
?>
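Don't rely on the data you expect from the client. First make sure that all data read from the $_POST array is set. If a value is not important, you can choose a default value. You can simplify this with a short function: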
function get(&$var, $default = null)
{
return isset($var) ? $var : $default;
}
$cardNO = get($_POST['cardNO'], 0);
If a required input is not present, you must inform the user.
Then, never mix strings from insecure sources (e.g. the client) into SQL statements. Use prepared statements:
$query_string = 'INSERT INTO `tablename` (`fieldname1`, `fieldname2`) VALUES (?,?);';
if ($statement = $mysqli_connection->prepare($query_string))
{
    // bind_param() takes every parameter in a single call, one type letter per placeholder
    $statement->bind_param('ss', $variable1, $variable2);
    $statement->execute();
    // fetch the result...
}
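For more information, see
The options on connect should turn off emulated prepared statements, since otherwise encoding attacks are still possible.
If you need to access a database with whitespace in identifiers, you can enclose them in backticks: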
SELECT * FROM `table name with whitespaces`;
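Did you enter data for employeeNO & sponsorcode?
Yes, submit the form with all the data entered, and if you get it, do the validation on the client side. Secondly, try to debug the problem and use var_dump($_POST); exit; to see what is in the POST request.
I tried entering data in all the form fields. The same error is still there... please look at my edited code again. I now just get a white screen.
Yes, because there is no echo in your code. Please check whether your query data gets inserted.
Thanks. I used the code above. No more errors. Just a blank page. Does that mean it works? I am still learning to use phpmyadmin, so I don't know yet whether the database is receiving input from the form.
My table name is "employee info" and the database name is "employee information". Should I be worried about the "table_employee info" that we use in the code? What does table_ do? Is it syntax, or the table name in my code?
Give the table the name employee_info and remove the spaces from all column names.
After making the changes in phpmyadmin, I edited the sprintf line and used it.
@Gotham we need to use isset() to prevent the above error; it will check whether the data exists in the post, and if not, it will be set to null or 0. @桑泽巴亚尔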