我是php的初学者。我正在使用 twitter-bootstrap 创建一个网站。我想将从网站下拉菜单提交的数据存储到名为 datawebcollectiondb 的 MySQL 数据库中。当用户从打开的文本字段而不是从下拉菜单中提交输入时,我能够将信息存储在数据库中。提交下拉菜单时,数据库中的所有字段都用 0 填充。
首先打开的文本字段确实有效:
HTML 文件:
<html>
<body>
<form action="insert.php" method="post">
Number Please: <input type="text" name="directionp">
Another Number: <input type="text" name="timep">
Third Number: <input type="text" name="locationp">
Fourth Number: <input type="text" name="searchtimep">
<input type="submit">
</form>
</body>
</html>
有效的PHP文件:
<?php
$con = mysql_connect("host", "username", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("timeforparkingdb", $con);
$sql="INSERT INTO datawebcollection (directionp, timeofdayp, locationp, searchtimep)
VALUES
('$_POST[directionp]','$_POST[timep]','$_POST[locationp]','$_POST[searchtimep]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 more record added =) ";
mysql_close($con);
?>
除了用 0 填充 db 之外,不能与上述 php 文件一起使用的 HTML 文件:
<html>
<form action="insert.php" method="post">
<b>DIRECTION:</b>
<select name="directionp">
<option value="1">Coming</option>
<option value="2">Going</option>
</select>
<b>TIME:</b>
<select name="timep">
<option value="0">12:00am - 1:00am</option>
<option value="1">1:00am - 2:00am</option>
<option value="2">2:00am - 3:00am</option>
<option value="3">3:00am - 4:00am</option>
<option value="4">4:00am - 5:00am</option>
<option value="5">5:00am - 6:00am</option>
<option value="6">6:00am - 7:00am</option>
<option value="7">7:00am - 8:00am</option>
<option value="8">8:00am - 9:00am</option>
<option value="9">9:00am - 10:00am</option>
<option value="10">10:00am - 11:00am</option>
<option value="11">11:00am - 12:00pm</option>
<option value="12">12:00pm - 1:00pm</option>
</select>
<b>LOCATION:</b>
<select name="locationp">
<option value="1">Zone One</option>
<option value="2">Zone Two</option>
<option value="3">Zone Three</option>
<option value="4">Zone Four</option>
<option value="5">Zone Five</option>
<option value="6">Zone Six</option>
<option value="7">Zone Seven</option>
<option value="8">Zone Eight</option>
<option value="9">Zone Nine</option>
<option value="10">Zone Ten</option>
<option value="11">Zone Eleven</option>
<option value="12">Zone Twelve</option>
<option value="13">Zone Thirteen</option>
</select>
<b>SEARCH TIME HERE:</b>
<select name="searchtimep">
<option value="0">Under 1 Minute</option>
<option value="1">1 Minute - 3 Minutes</option>
<option value="5">3 Minutes - 5 Minutes</option>
<option value="10">5 Minutes - 10 Minutes</option>
<option value="15">10 Minutes -15 Minutes</option>
<option value="20">15 Minutes - 20 Minutes</option>
<option value="25">20 Minutes - 25 Minutes</option>
<option value="30">25 Minutes - 30 Minutes</option>
<option value="35">30 Minutes - 35 Minutes</option>
<option value="40">35 Minutes - 40 Minutes</option>
<option value="45">40 Minutes - 45 Minutes</option>
<option value="50">45 Minutes - 50 Minutes</option>
<option value="55">50 Minutes - 55 Minutes</option>
<option value="60">55 Minutes - 1 HOUR</option>
<option value="0">Over 1 HOUR</option>
</select>
<button type="submit" class="btn btn-large btn-primary">Submit</button>
</form>
</html>
原始 MySQL 数据库结构:
Field Type Collation Attributes Null Default Extra Action
unique_entry_id int(11) No
dayp int(2) No
monthp int(2) No
yearp int(4) No
directionp int(1) No
timeofdayp int(2) No
locationp int(2) No
searchtimep int(2) No
到目前为止,我在数据库中看到的内容:
unique_entry_id dayp monthp yearp directionp timeofdayp locationp searchtimep
0 6 6 6 0 0 0 0
0 7 7 7 0 0 0 0
0 8 24 2345 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
值不是 0 的行来自我运行原始代码时,只有 0 的行来自下拉表单。如何获得正确的相关选项值作为存储到数据库中的值?我会认为分配给选项的值,即<option value="1">Zone One</option> <option value="2">Zone Two</option>,将是提交给数据库的值。
我在 chrome 开发者控制台上看到的内容form data如下:
direction=2&time=5&location=5&searchtime=25
并且数据库仍然记录了所有的 0。
更正的 MySQL 数据库结构:目前更正的数据库结构:
Field Type Collation Attributes Null Default Extra
unique_entry_id int(11) No
city_id varchar(50) utf8_general_ci No
datep date No
directionp int(1) No
timeofdayp time No
locationp int(2) No
searchtimep int(2) No
为了将整数而不是文本从我的 php 代码传递给 mySQL 数据库,我删除了单引号:
<?php
$con = mysql_connect("", "", "");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("timeforparkingdb", $con);
$sql="INSERT INTO datawebcollection (directionp, timeofdayp, locationp, searchtimep)
VALUES
($_POST[directionp],$_POST[timep],$_POST[locationp],$_POST[searchtimep])";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Thank you for your submission! 1 more record added =) ";
mysql_close($con);
?>
第一步为了避免 SQL 注入,我将 HTML 修改为:
<form action="insert.php" id="timeforparking" method="post">
<input type="submit">
</form>
和:
DIRECTION:
<select form = "timeforparking" id="directionp">
<option value="1">Parking In Manhattan</option>
<option value="2">Leaving Manhattan</option>
</select>
TIME:
<select form = "timeforparking" id="timep">
<option value="0">12:00am - 1:00am</option>
<option value="1">1:00am - 2:00am</option>
<option value="2">2:00am - 3:00am</option>
<option value="3">3:00am - 4:00am</option>
<option value="4">4:00am - 5:00am</option>
<option value="5">5:00am - 6:00am</option>
<option value="6">6:00am - 7:00am</option>
<option value="7">7:00am - 8:00am</option>
<option value="8">8:00am - 9:00am</option>
<option value="9">9:00am - 10:00am</option>
<option value="10">10:00am - 11:00am</option>
<option value="11">11:00am - 12:00pm</option>
<option value="12">12:00pm - 1:00pm</option>
<option value="13">1:00pm - 2:00pm</option>
<option value="14">2:00pm - 3:00pm</option>
<option value="15">3:00pm - 4:00pm</option>
<option value="16">4:00pm - 5:00pm</option>
<option value="17">5:00pm - 6:00pm</option>
<option value="18">6:00pm - 7:00pm</option>
<option value="19">7:00pm - 8:00pm</option>
<option value="20">8:00pm - 9:00pm</option>
<option value="21">9:00pm - 10:00pm</option>
<option value="22">10:00pm - 11:00am</option>
<option value="23">11:00am - 12:00pm</option>
</select>
LOCATION:
<select form = "timeforparking" id="locationp">
<option value="1">Zone One</option>
<option value="2">Zone Two</option>
<option value="3">Zone Three</option>
<option value="4">Zone Four</option>
<option value="5">Zone Five</option>
<option value="6">Zone Six</option>
<option value="7">Zone Seven</option>
<option value="8">Zone Eight</option>
<option value="9">Zone Nine</option>
<option value="10">Zone Ten</option>
<option value="11">Zone Eleven</option>
<option value="12">Zone Twelve</option>
<option value="13">Zone Thirteen</option>
</select>
REPORT YOUR APPROXIMATE SEARCH TIME HERE:
<select form = "timeforparking" id="searchtimep">
<option value="0">Under 1 Minute</option>
<option value="1">1 Minute - 3 Minutes</option>
<option value="5">3 Minutes - 5 Minutes</option>
<option value="10">5 Minutes - 10 Minutes</option>
<option value="15">10 Minutes -15 Minutes</option>
<option value="20">15 Minutes - 20 Minutes</option>
<option value="25">20 Minutes - 25 Minutes</option>
<option value="30">25 Minutes - 30 Minutes</option>
<option value="35">30 Minutes - 35 Minutes</option>
<option value="40">35 Minutes - 40 Minutes</option>
<option value="45">40 Minutes - 45 Minutes</option>
<option value="50">45 Minutes - 50 Minutes</option>
<option value="55">50 Minutes - 55 Minutes</option>
<option value="60">55 Minutes - 1 HOUR</option>
<option value="0">Over 1 HOUR</option>
</select>
我将不得不对 php 做一些事情以避免注入,我还不知道我需要为此做什么,我目前正在http://php.net/manual/en/pdo.prepared研究这个-statements.php,并尝试将以下内容应用于我的案例:
This example performs an INSERT query by substituting a name and a value for the named placeholders.
<?php
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);
// insert one row
$name = 'one';
$value = 1;
$stmt->execute();
// insert another row with different values
$name = 'two';
$value = 2;
$stmt->execute();
?>
可能我的某些值是空的。接下来我希望检查 POST 参数并通过Print out post values在 php 代码中打印出来,具体来说:
<?php
// loop through every form field
while( list( $field, $value ) = each( $_POST )) {
// display values
if( is_array( $value )) {
// if checkbox (or other multiple value fields)
while( list( $arrayField, $arrayValue ) = each( $value )) {
echo "<p>" . $arrayValue . "</p>\n";
}
} else {
echo "<p>" . $value . "</p>\n";
}
}
?>
提交后输出:
blank white screen
这是否意味着我正在尝试将空值传递给我的数据库?而且我不再收到我的数据库中的所有 0,因为我知道有一个 SQL 错误(或者是因为我传递了空白值,即 $_POST[locationp] 和 $_POST[searchtimep] 是空的?这是正确的结论吗?如果是这样,为什么要这样做?)使用没有单引号的更新的PHP;使用最新的 PHP [如上所示,没有单引号,因此它不会作为文本发送] 和上面的 HTML 现在使用表单的 ID 标记,我收到:
"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,)' at line 3"
当我从网页提交时。因此,Chrome 没有显示任何有关表单值的内容,仅列出了“请求标头”和“响应标头”。
我原来的问题/帖子仍然是:从下拉菜单中将值存储在 MySQL 数据库中?
我无法从中收集解决方案的相关问题:使用 PHP 将下拉列表中的数据插入数据库