0

我正在尝试将用户以表单形式提交的数据放到我拥有的 MySQL 数据库中,但我似乎无法弄清楚!我到处搜索并最终复制了一些我在互联网上找到的 php 代码,但它仍然没有将数据放入数据库!

这是我的 HTML 表单:

<form action="Sendtodatabase.php" method="POST" name="EmailForm">

    First Name:<br>
    <input type="text" size="25" name="firstname"><br><br>
    Last Name:<br>
    <input type="text" size="25" name="lastname"<br><br><br>
    Email:<br>
    <input type="text" size="25" name="email"<br><br><br>
    Telephone Number:<br>
    <input type="text" size="25" name="telephone"<br><br><br>
    <input type="submit" value="Submit">

</form>

和我的 PHP 文件:

<?php
$con=mysqli_connect(sql307.byethost33.com, b33_13775589, *********, b33_13775589_murdermystery);
if (mysqli_connect_errno($con)) {
    echo "Failed to connect to MySQL: ".mysqli_conect_error();
}
$sql="INSERT INTO Murder (FirstName, LastName, Email, Telephone) VALUES ('$_POST [firstname]', '$_POST [lastname]',
'$_POST [email]', '$_POST [telephone]')";
if (!mysqli_query($con,$sql)) {
    die('Error: '.mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);

我在这里做错了什么?谢谢!

4

3 回答 3

0

看起来您的 INSERT 语句有问题。切换到 PDO 并使用准备好的语句来防止注入。我加mysqli_real_escape_string了一些帮助。

$sql="INSERT INTO Murder (FirstName, LastName, Email, Telephone) VALUES (
    '" . mysqli_real_escape_string($_POST["firstname"])."', 
    '" . mysqli_real_escape_string($_POST["lastname"]) . "', 
    '" . mysqli_real_escape_string($_POST["email"]) . "', 
    '" . mysqli_real_escape_string($_POST["telephone"]) . "')";
于 2013-09-23T01:54:41.520 回答
0

你确定你的表格是正确的吗?

HTML 代码: 

<form action="Sendtodatabase.php" method="POST" name="EmailForm">

        First Name:<br>
        <input type="text" size="25" name="firstname"><br><br>
        Last Name:<br>
        <input type="text" size="25" name="lastname"><br><br><br>
        Email:<br>
        <input type="text" size="25" name="email"><br><br><br>
        Telephone Number:<br>
        <input type="text" size="25" name="telephone"><br><br><br>
        <input type="submit" value="Submit">

</form>

PHP代码:

    <?php

    // validate to check if $_POST array have datas needed.
    print_r($_POST);
    exit;


    $con=mysqli_connect('sql307.byethost33.com', 'b33_13775589', '*********', 'b33_13775589_murdermystery');
    if (mysqli_connect_errno($con)) {
        echo "Failed to connect to MySQL: ".mysqli_conect_error();
    }
    $sql="INSERT INTO Murder (FirstName, LastName, Email, Telephone) VALUES (".$_POST ['firstname']", ".$_POST ['lastname'].",
    ".$_POST ['email'].", ".$_POST ['telephone'].")";
    if (!mysqli_query($con,$sql)) {
        die('Error: '.mysqli_error($con));
    }
    echo "1 record added";
    mysqli_close($con);
?>
于 2013-09-23T02:06:17.853 回答
0

从您在 HTML 部分中发布的代码中,您缺少在每个输入属性的名称之后放置“>”。请进行更正,您的代码已经可以顺利运行。

于 2013-09-23T02:56:50.207 回答