-1
//connect to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");

//select the database
mysql_select_db($database)
or die("Unable to select database: " . mysql_error());
?>
<head>
<title>Add New Article</title>
</head>
//this is supposed to take the form and put info into variables
<?php
if(isset($_POST['submit'])){
$title = $_POST['1title'];
$category = $_POST['1category'];
$uploader = $_POST['1uploader'];
$date = $_POST['1date'];
$youtubeurl = $_POST['1youtubeurl'];
$thumbnail = $_POST['1thumbnail'];
$content = $_POST['1content'];
}
//this is supposed to take those variables and put it into mysql
$query = "INSERT INTO videos (title, category, content, uploader, youtubeurl,    thumbnail) VALUES('$title', '$category', '$content', '$uploader', '$youtubeurl', '$thumbnail')";

    ?>


<body>
//This is my form where people enter info to be stored to mysql
<form method="POST" action="newvideo.php">
<pre>
Title <input type="text" name="1title" />
Category <input type="text" name="1category" />
Uploader <input type="text" name="1uploader" />
Date <input type="text" name="1date" />
Video URL <input type="text" name="1youtubeurl" />
Thumbnail URL <input type="text" name="1thumbnail" />
Content <textarea name="1content"></textarea>
<input type="submit" name="submit" />



</pre>

</form>
</body>

</html>
4

3 回答 3

6

你定义$query了,但你从来没有真正执行过那个查询......

$query = "INSERT ...";
$result=  mysql_query($query) or die(mysql_error()); // you forgot this line

请注意,如果您编写的代码实际上是在执行查询,那么它很容易受到SQL 注入攻击

于 2013-07-16T20:03:11.197 回答
5

好吧,对于初学者来说,您的查询可能应该在您的if语句内,而不是在它之外(我猜你只想在他们实际提交表单时进行插入)。

其次,您声明了查询,但您从未真正执行过它(参见@MarcB 的回答)。

第三,如果您确实执行了该查询,您不会逃避您的输入,并且容易受到 SQL 注入的攻击。

于 2013-07-16T20:03:56.247 回答
1

好吧,在不引发关于迁移到 MySQLi 或 PDO 的辩论的情况下,我将按原样回答这个问题。您已指定 SQL 命令,但尚未使用它查询数据库。您需要 mysql_query($query)在 SQL 命令之后运行。最好在 if 语句中。

if(isset($_POST) {
    $query = "INSERT INTO videos (title, category, content, uploader, youtubeurl,    thumbnail) VALUES('$title', '$category', '$content', '$uploader', '$youtubeurl', '$thumbnail')";

    mysql_query($query);

}

如果没有该if语句,查询将在页面加载时运行。

于 2013-07-16T20:08:10.897 回答