0

即使使用更正的表单方法并且无需检索 insert.php 页面上的值,这仍然有效。为什么?

  <!doctype html>

 <html>

<head>
<title></title>
</head

<body>
<form action="insert.php" method="post">
    First Name: <input type="text" name="fname" /><br>
    Last Name: <input type="text" name="lname" /><br>
    Username:  <input type="text" name="uname" /><br>

    <input type="submit" name="submit" value="Register"/><br>
</form>

</body>
</html>

插入.php

<?php

 $con=mysqli_connect("","","","");
 // Check connection
if (mysqli_connect_errno())
 {
 echo "Failed to connect to MySQL: " . mysqli_connect_error();
 }

$sql="INSERT INTO traders (fname, lname, username)
VALUES
('$fname','$lname','$uname')";

if (!mysqli_query($con,$sql))
{
   die('Error: ' . mysqli_error($con));
} 
echo "1 record added " ;

mysqli_close($con);
?>
4

3 回答 3

4

action您有两个form标签 - 将第二个更改为method

<form action="insert.php" method="post">
    First Name: <input type="text" name="fname" /><br>
    Last Name: <input type="text" name="lname" /><br>
    Username:  <input type="text" name="uname" /><br>

    <input type="submit" name="submit" value="Register"/><br>
</form>

因为method没有找到 - 它假定 GET。

也可以用,等代替$fname,等。$lname$_POST['fname']$_POST['lname']

并了解有关将变量绑定到查询中的更多信息

于 2013-07-27T20:58:05.690 回答
0

像这样使用 POST 方法

<form action="insert.php" method="post">
于 2013-07-27T20:59:00.037 回答
0

你需要改变

<form action="insert.php" action="post">

至...

<form action="insert.php" method="post">

另外.....您需要检索值....

$fname = $_POST['fname'],  $lname = $_POST['lname'];  //etc etc

而是做绑定语句,以获得额外的安全性......

像这样...

$mysqli = new mysqli('YOUR DETAILS HERE');


$stmt = $mysqli->prepare("INSERT INTO traders (fname, lname, username) VALUES (?, ?, ?)");
$stmt->bind_param('sssd', $_POST['fname'], $_POST['lname'], $_POST['uname']);
$stmt->execute();
于 2013-07-27T21:00:56.053 回答