1

所以我正在尝试创建一个将数据放入表中的表单,并且我让它工作,但是当它进入表时,它只会创建空行。这是我的代码,请帮助我。

表单.php

<form action="tableinsert.php" method="post">
    First Name:<input type="text" name="fname"> <br/>
    Last Name:<input type="text" name="lname"><br/>
    Username:<input type="text" name="uname"><br/>
    Password:<input type="text" name="password"><br/>
    Email:<input type="text" name="email"><br/>
</form>

表格插入.php

<?php
$sc = mysqli_connect ("localhost" , "dbname" , "password");

if (mysqli_errno($sc))
{
    echo "Sorry, I couldn't connect to the database. If you keep getting this error, please email the webmaster at natashaharrell@hotmail.com " . mysql_error;
}

$si = "INSERT INTO sdb_users (fname, lname, uname, password, email)
VALUES ('$_POST[fname]' , '$_POST[lname]' , '$_POST[uname]' , '$_POST[password]' , '$_POST[email]' )";

if (!mysqli_query($sc, $si))
{
    echo "Sorry there seems to be a problem: " . mysqli_errno($sc) ;
}

else
{
    echo "1 record added.";
}

    mysqli_close($sc);

?>
4

6 回答 6

4

试试看

$si = "INSERT INTO sdb_users (fname, lname, uname, password, email)
VALUES ('".$_POST["fname"]."' , '".$_POST["lname"]."' , '".$_POST["uname"]."' , '".$_POST["password"]."' , '".$_POST["email"]."' )";
于 2013-05-13T09:55:50.123 回答
1

您可能会得到空行,因为表单正在填充空值并且每次加载页面时都会自动提交。你应该使用提交按钮。

于 2013-05-13T09:54:50.037 回答
1

Use mysqli prepare() http://php.net/manual/en/mysqli.prepare.php to insert data into your SQL queries. There are a lot of simple mistakes that novices can make, to render their code vunerable to security issues, thats why mysql_* has been depreciated

<?php

/* create a prepared statement */
if ($stmt = $mysqli->prepare("INSERT INTO sdb_users (fname, lname, uname, password, email) VALUES ( ?, ?, ?, ?, ? )")) {

/* bind parameters for markers */
$stmt->bind_param("s", $_POST["fname"]);
$stmt->bind_param("s", $_POST["lname"]);
$stmt->bind_param("s", $_POST["uname"]);
$stmt->bind_param("s", $_POST["password"]);
$stmt->bind_param("s", $_POST["email"];

/* execute query */
$stmt->execute();
?>
于 2013-05-13T10:04:05.573 回答
1

Replace this

$si = "INSERT INTO sdb_users (fname, lname, uname, password, email)
VALUES ('$_POST[fname]' , '$_POST[lname]' , '$_POST[uname]' , '$_POST[password]' , '$_POST[email]')";

With this:

$si = 'INSERT INTO sdb_users (fname, lname, uname, password, email)
VALUES ("' . $_POST['fname'] . '", "' . $_POST['lname'] . '" , "' . $_POST['uname'] . '", "' . $_POST['password'] . '", "' . $_POST['email'] . '")';

That fixes your actual problem, but as an aside, wrap each of those POST values in MySQLi's string escaping function (I'm a PDO user, but I believe it's MySQLi::real_escape_string). That helps protect you from SQL injection.

The reason it wasn't working is you didn't put the array key in quotes. I changed from double quotes to single, because it's easier to escape values and saves PHP having to process the magic-quoted string.

于 2013-05-13T10:07:31.743 回答
1

Firstly, it is a a convention to store the values obtained from the form fields into variables. Do that. Then after that you must clean up the values you got from the text fields. Basically you must clear it of all unexpected stuff like SQL injections (complex stuff). To do that you must use MySQL real escape string. After that is done, substitute the variables in the place of your earlier variables such as $_POST['fname'] or $_POST['lname'].

Hopefully after this you will have a script that works fully.

于 2013-05-13T10:13:25.920 回答
0

您在查询中使用的值不正确。试试这个方法。

$fname = $_POST['fname'];
$lname = $_POST['lname'];
$uname = $_POST['uname'];
$pwd =   $_POST['password'];
$email = $_POST['email']

$si = "INSERT INTO sdb_users (fname, lname, uname, password, email)
        VALUES ('$fname' , '$lname' , '$uname' , '$pwd' , '$email' )";

编辑:使用 mysql_real_escape_string() 函数在插入前清理数据。

于 2013-05-13T09:56:44.660 回答