php - PHP 表单不插入 MySQL
问题描述
我正在尝试制作一个表格并将其上传到我的数据库中,但它不起作用。
这是我的 HTML 代码:
<form name="Form-Request" method="post" action ="icn/form.php">
<div>
<p><input type = "text" placeholder="Name" name = "name"></p>
<p><input type = "email" placeholder="Email-address" name = "email"></p>
<p><input type = "text" placeholder="Virtual Airline" name = "va"></p>
<p><input type = "text" placeholder="Virtual Airline (IATA Code)" name = "va-iata"></p>
<p><select name="pricing">
<option>Free</option>
<option>Business</option>
<option>Pro</option>
</select></p>
<p><select name="vam-vms">
<option>PHPVMS</option>
<option>VAM</option>
</select></p>
<p><input type = "text" placeholder="Additional Info" name = "add-info"></p>
<input class="button-primary" type="submit" value="Submit">这是我的 PHP 发布文件,我已经输入了数据库详细信息,但我不想分享它:):
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$va = $_POST['va'];
$vaiata = $_POST['va-iata'];
$pricing = $_POST['pricing'];
$vamvms = $_POST['vam-vms'];
$additionalinfo = $_POST['add-info'];
<?php
$servername = "host";
$username = "username";
$password = "password";
$dbname = "dbname";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO request_site (Name, Email Address, Virtual Airline, Virtual Airline IATA, Pricing, VAM/PHPVMS, Additional info)
VALUES ('$name', '$email', '$va', '$vaiata', '$pricing', '$vamvms', '$additionalinfo' )";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>谢谢。
解决方案
您应该使用此代码执行一些操作。
首先,由于您尝试使用表单中的每个字段,因此您应该将required属性添加到每个输入字段。
其次,由于您正在提交发布请求,我建议您在请求是 POST 时签入您的 PHP 脚本,并检查您尝试从 POST 获取的值是否存在。这将防止有人简单地导航到您的脚本并尝试不正确地执行它:
<?php
if (
$_SERVER['REQUEST_METHOD'] === 'POST' &&
array_key_exists('name', $_POST) &&
array_key_exists('email', $_POST) &&
array_key_exists('va', $_POST) &&
array_key_exists('va-iata', $_POST) &&
array_key_exists('pricing', $_POST) &&
array_key_exists('vam-vms', $_POST) &&
array_key_exists('add-info', $_POST)
) {
/* ... */
} else {
http_response_code(401);
}
?>
第三,不要使用mysqli. PDO 类自 PHP 5.1.0 以来就已经出现,它是连接到数据库的首选方法。在这种情况下,使用 Try/Case 语句尝试建立 PDO 连接:
try {
/* database configuration */
$servername = "host";
$username = "username";
$password = "password";
$dbname = "dbname";
/* establish a PDO connection */
$dsn = "mysql:dbname=$dbname;host=$servername;charset=utf8mb4";
$db = new PDO($dsn, $username, $password);
$db -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db -> setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
/* run SQL query */
} catch(PDOException $ex) {
/* handle database error */
}
第四,您需要稍微调整一下您的 SQL 语句,我认为这是导致一些错误的地方。通常最好的做法是使用反引号来转义列名,但在这种情况下,由于看起来您的列名中包含空格,因此实际上是必要的(加号name也可能是关键字)。使用参数来防止 SQL 注入也是最佳实践。这个想法是您在 SQL 查询中传递一个用户定义的名称并带有:前缀,并且该名称对应于在传递的数组中定义的值:
/* Insert all the values in the request_site */
$stmt = $db->prepare('
INSERT INTO `request_site` (
`Name`,
`Email Address`,
`Virtual Airline`,
`Virtual Airline IATA`,
`Pricing`,
`VAM/PHPVMS`,
`Additional info`
) VALUES (
:name,
:email,
:va,
:vaiata,
:pricing,
:vamvms,
:additionalinfo
);
');
$stmt->execute(array(
':name' => $name,
':email' => $email,
':va' => $va,
':vaiata' => $vaiata,
':pricing' => $pricing,
':vamvms' => $vamvms,
':additionalinfo' => $additionalinfo
));
把它们放在一起,你会得到:
<?php
if (
$_SERVER['REQUEST_METHOD'] === 'POST' &&
array_key_exists('name', $_POST) &&
array_key_exists('email', $_POST) &&
array_key_exists('va', $_POST) &&
array_key_exists('va-iata', $_POST) &&
array_key_exists('pricing', $_POST) &&
array_key_exists('vam-vms', $_POST) &&
array_key_exists('add-info', $_POST)
) {
/* put the $_POST values in variables */
$name = $_POST['name'];
$email = $_POST['email'];
$va = $_POST['va'];
$vaiata = $_POST['va-iata'];
$pricing = $_POST['pricing'];
$vamvms = $_POST['vam-vms'];
$additionalinfo = $_POST['add-info'];
try {
/* database configuration */
$servername = "host";
$username = "username";
$password = "password";
$dbname = "dbname";
/* establish a PDO connection */
$dsn = "mysql:dbname=$dbname;host=$servername;charset=utf8mb4";
$db = new PDO($dsn, $username, $password);
$db -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db -> setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
/* Insert all the values in the request_site */
$stmt = $db->prepare('
INSERT INTO `request_site` (
`Name`,
`Email Address`,
`Virtual Airline`,
`Virtual Airline IATA`,
`Pricing`,
`VAM/PHPVMS`,
`Additional info`
) VALUES (
:name,
:email,
:va,
:vaiata,
:pricing,
:vamvms,
:additionalinfo
);
');
$stmt->execute(array(
':name' => $name,
':email' => $email,
':va' => $va,
':vaiata' => $vaiata,
':pricing' => $pricing,
':vamvms' => $vamvms,
':additionalinfo' => $additionalinfo
));
echo 'New record created successfully';
} catch(PDOException $ex) {
/* handle database error */
echo 'Connection failed: ', $ex->getMessage();
}
} else {
http_response_code(401);
}
?>
推荐阅读
- mapreduce - MapReduce - 用 Mokito 模拟
- unit-testing - 检查是否已使用 sinon spy 调用了存根的 getter 函数
- python - 调用 np.sum(np.fromiter(generator))
- babeljs - 使用 Babel 将静态变量转换为 `process.env` 属性
- c++ - 使用 malloc() 时出现意外大小
- image - 如何使用 OpenCV 查找图像上每个单独轮廓的高度和宽度
- rxjs - RxJs:您可以将运算符作为参数传播到管道运算符中吗
- html - 通过电子邮件发送 HTML 中的照片时出现问题
- javascript - fullcalendar timegridweek 不能正确显示事件时间
- video - 将 .mp4 批量转换为 hls 分段流