0

我是 PHP 和使用 mysql 的完全菜鸟,所以你知道我在 HMTL 和 CSS 方面有丰富的经验。我只需要在我的网站上创建一个表格,将表格中的信息上传到我的数据库。问题是单击“提交”按钮只会打开一个空白选项卡,其中包含我的 .php 文件的地址,并显示一个空白的白色屏幕。.php 如下。 

<?php
$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
connect to database! Please try again later.");
mysql_select_db($dbname);

$sql = "INSERT INTO $usertable (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 

VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";

$sql="INSERT INTO $usertable (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName)

VALUES ('".$_POST[firstName]."', '".$_POST[lastName]."', '".$_POST[streetAddress]."', '".$_POST[city]."', '".$_POST[state]."', '".$_POST[zip]."', '".$_POST[country]."', '".$_POST[email]."', '".$_POST[phone]."', '".$_POST[badgeName]."')";
?>

现在从我读到的内容来看,这通常是由代码中的某种错误引起的。这对我来说很难,因为我不太了解 PHP,而且页面中的几乎所有内容都是从其他人的代码中获取的。大部分来自代码的帮助来自 godaddy.com(托管网站和数据库的地方)。

我已经测试以确保支持并启用 PHP,并且确实如此。我有一个已经可以正常工作的表单邮件程序。我已经设置了一个 DNS,我尝试了多种不同的语法,我已经打电话给技术支持,看看他们是否有什么问题,我已经将我的网站从 windows 迁移到了 linux,我所做的每一件事都会导致完全相同的空白屏幕。我毫不怀疑,毕竟这将是一个很容易修复或明显显而易见的事情,但如果有人可以看看我错过了什么,我将非常感激。

我接受了一些发布的答案后的新代码。我仍然收到通知,它仍然没有在我的数据库中插入任何内容。

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

//connect to mysql
$link_id = mysql_connect($hostname, $username, $password);
if (!$link_id) {
    die("Unable to connect to database! Please try again later. error:".mysql_errno());
}
//make sure your DB exists
if (!mysql_select_db($dbname)) die ("Connected to mysql but could not connect to the DB. error:".mysql_errno());

//avoid sql_injection
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$streetAddress = mysql_real_escape_string($_POST['streetAddress']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$country = mysql_real_escape_string($_POST['country']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$badgeName = mysql_real_escape_string($_POST['badgeName']);

//write the query
$sql = "INSERT INTO $usertable 
    (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
    VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";

//then you'll need to execute the query :)
mysql_query($sql); 
?>
4

5 回答 5

1

据我所知,这段代码只是连接到数据库并设置了一个变量 $sql。您实际上是在任何地方执行查询吗?您是否正在做任何事情以在屏幕上打印某些内容?

于 2013-10-08T22:06:58.610 回答
0

在 php 代码的最顶部包含这两行:

error_reporting(E_ALL);
ini_set('display_errors', '1');

它将启用错误报告,因此您将能够调试您的脚本。也许问题在于,在使用字符串索引名称时,应该使用“引号”来读取 $_POST 变量(以及任何数组类型变量):

 $_POST[firstName] must be written as follows:
 $_POST['firstName']

使该查询更安全(例如针对 sql 注入攻击)的一个好方法是对 POST 中的值进行转义,而不是将其直接传递给查询。

 $firstName = mysql_real_escape_string($_POST['firstName']);

POST 中的值将被转义,以便您可以将其传递给您的 SQL。

尝试使您的所有变量都这样做:

$sql = "INSERT INTO $usertable 
(firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";

最后,您需要实际执行查询:

mysql_query($sql);

如果一切正常,您将看不到任何错误,但请务必启用此脚本的错误报告。当一切正常时记得删除错误报告。

于 2013-10-08T22:12:32.370 回答
0

就像其他人说的那样,将评论放在数组引用中。话虽如此,您确实需要转义 $_POST 变量以避免 SQL 注入,如果代码明确排序,它也更容易调试:)

使用有序代码,您可以键入 echo "some text";在您想要的任何接触点,以便您可以看到代码中断的位置。

在您的 php.ini 或代码 ( http://php.net/manual/en/function.error-reporting.php ) 中打开错误报告也是观察您无法预测的错误的最佳选择。

<?php
$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

//connect to mysql
$link_id = mysql_connect($hostname, $username, $password);
if (!$link_id) {
    die("Unable to connect to database! Please try again later. error:".mysql_errno());
}
echo "connected to mysql";
//make sure your DB exists
if (!mysql_select_db($dbname)) die ("Connected to mysql but could not connect to the DB. error:".mysql_errno());
echo "connected to database";    
//avoid sql_injection
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$streetAddress = mysql_real_escape_string($_POST['streetAddress']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$country = mysql_real_escape_string($_POST['country']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$badgeName = mysql_real_escape_string($_POST['badgeName']);

echo "sanitised input";
//write the query
$sql = "INSERT INTO $usertable 
    (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
    VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";
echo "build query: ".$sql;    
//then you'll need to execute the query :)
if (mysql_query($sql))
    echo "query success";
else 
    echo "query failed";

//ps you can ignore the last? >
于 2013-10-08T22:24:58.157 回答
0

首先

$_POST[firstname] should be $_POST['firstname']

第三

mysql_query($sql,$conn);

第二

$conn=mysql_connect(your parameters);
于 2013-10-08T22:10:07.400 回答
0

$_POST[firstName] should be $_POST['firstName'] and so on and

mysql_query($sql) or die('MySQL Error: ', mysql_error());

echo 'Data inserted';

You shouldn't not be using mysql_ now, its deprecated. Do it with PDO

于 2013-10-08T22:04:57.523 回答