php - 使用php将表单中的数据填充到数据库中
问题描述
我想将表单中的数据插入数据库。
我已经搜索了很长时间,但无法弄清楚我做错了什么。任何帮助将不胜感激
HTML
<!DOCTYPE html>
<html>
<head>
<title>PHP insertion</title>
<link href="css/insert.css" rel="stylesheet">
</head>
<body>
<div class="maindiv">
<!--HTML Form -->
<div class="form_div">
<div class="title">
<h2>Book Information</h2>
</div>
<form action="new 12.php" method="post">
<!-- Method can be set as POST for hiding values in URL-->
<h3>Enter the Details</h3>
<label>Access number</label>
<input class="input" name="access" type="text" value=""><br>
<label>Title</label>
<input class="input" name="title" type="text" value=""><br>
<label>Author</label>
<input class="input" name="author" type="text" value=""><br>
<label>Edition</label>
<input class="input" name="edition" type="text" value=""><br>
<label>Publisher</label>
<input class="input" name="publisher" type="text" value=""><br>
<input class="submit" name="submit" type="submit" value="Submit"><br>
</form>
</div>
</div>
</body>
</html>
PHP
<?php
$link = mysqli_connect("localhost", "root", "admin", "library");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "INSERT INTO library (access,title,author,edition,publisher) VALUES ('$access','$title','$author','$edition','$publisher')";
if(mysqli_query($link, $sql)){
echo "Records inserted successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
解决方案
首先,我强烈建议进行 PDO 连接,例如:
<?php
$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
?>
第二:我会将 id 放入所有输入 第三:你错过了$_POST["value"]
所以你没有发送信息 html 应该如下所示:
<!DOCTYPE html>
<html>
<head>
<title>PHP insertion
</title>
<link href="css/insert.css" rel="stylesheet">
</head>
<body> <div class="maindiv">
<!--HTML Form -->
<div class="form_div">
<div class="title">
<h2>Book Information</h2>
</div>
<form action="new 12.php" method="post">
<!-- Method can be set as POST for hiding values in URL-->
<h3>Enter the Details</h3>
<label>Access number</label> <input class="input" name="access" id="access" type="text" value=""><br>
<label>Title</label> <input class="input" name="title" id="title" type="text" value=""><br>
<label>Author</label> <input class="input" name="author" id="author" type="text" value=""><br>
<label>Edition</label> <input class="input" name="edition" id="edition" type="text" value=""><br>
<label>Publisher</label> <input class="input" name="publisher" id="publiser" type="text" value=""><br>
<input class="submit" name="submit" type="submit" value="Submit"><br>
</form>
</div>
</div>
</body>
</html>
像这样的php:
<?php
try {
$conn = new PDO("mysqli:server = yoursever; Database = yourdatabase", "user", "pass");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
print("Error connecting to Server.");
die(print_r($e));
}
$access= $_POST['access'];
$title= $_POST['title'];
$author= $_POST['author'];
$edition= $_POST['edition'];
$publisher= $_POST['publisher'];
$sql = "INSERT INTO library (access, title, author, edition, publisher) VALUES (?,?,?,?,?)";
$stmti= $conn->prepare($sql);
$stmti->execute([$access, $title, $author, $edition, $publisher]);
if ($stmti->error){
echo "ERROR";
}
else{
echo "Records inserted successfully.";
}
$conn->close();
?>
这是在服务器中插入信息以防止 SQL 注入的一种安全方法,请阅读“Bobby Tables”XKCD 漫画中的 SQL 注入如何工作?更好地了解如何防止感染到您的服务器
推荐阅读
- java - Modifying sql table after i input something
- fail2ban - 禁止IP之前的fail2ban仅记录模式
- typescript - 为什么将联合类型赋予变量和赋予相同类型的参数如此不同?
- python - Is it possible to save 4 variables that hold sliced arrays into a single variable?
- swift - 如何从 tabBar 呈现 viewController,如 tabBar 中的 instagram 帖子项目 [Swift]
- mysql - mysql dense_rank 函数给出语法错误,而它看起来还可以
- perl - After crawling a website, I have non-perl files with a .pl extension
- python - loading json files using json normalize + pd concat
- javascript - 单击 HTML 表单中的按钮时出现“找不到您的文件”错误
- r - 系统发育树猿太小