0

我正在尝试将post数据形成为mysql. 但我对所有角色都感到非常困惑和厌倦。我想我缺少一些字符或添加了太多字符!php请帮我将此表格传递到mysql.

浏览器对此行错误作出反应:

"'" . $_POST['credit_card_expiration'] ."',".);

这是代码:

<?php
session_start(); // Start session first thing in script
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Connect to the MySQL database  
include "storescripts/connect_to_mysql.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Untitled Document</title>
    </head>

    <body>
        <?php
        //let's create the query
        $insert_query = "INSERT INTO order (".
        "name,".
        "email_address,".
        "membership_type".
        "terms_and_conditions,".
        "name_on_card,".
        "credit_card_number,".
        "credit_card_expiration_data,".
        ") values 
    (".
        "'" . $_POST['name'] . "', ".
        "'" . $_POST['email_address'] . "',".
        "'" . $_POST['membership_type'] . "',".
        "'" . $_POST['terms_and_conditions'] . "',".
        "'" . $_POST['name_on_card'] . "',".
        "'" . $_POST['credit_card_number'] . "',".
        "'" . $_POST['credit_card_expiration'] ."',".);

        //let's run the query
        mysql_query($insert_query);
        ?>
    </body>
</html>

我的表格:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<form method="post" action="form_process.php">
Name on card: 
<input type="text" name="name_on_card"><br />
Credit card number:
<input type="text" name="credit_card_number"><br />
Credit card Expiration date: 
<input type="text" name="credit_card_expiration_date"><br />

<input type="hidden" name="name"
 value="<?php echo $_POST['name']; ?>">

<input type="hidden" name="email_address"
 value="<?php echo $_POST['email_address']; ?>">

<input type="hidden" name="membership_type"
 value="<?php echo $_POST['membership_type']; ?>">

<input type="hidden" name="terms_and_conditions"
  value="<?php echo $_POST['terms_and_conditions']; ?>">

<input type="submit" value="Submit">
</form>
</body>
</html>
4

7 回答 7

2
  1. 不要使用 mysql_ 函数(为什么我不应该在 PHP 中使用 mysql_* 函数?
  2. $_POST['credit_card_expiration'] ."',".);最后一个“,”。不应该在那里
  3. 我们需要查看表格才能给您正确的答案
  4. 过滤输入(或在此处阅读有关 SQL 注入的信息:如何防止 PHP 中的 SQL 注入?)。请。
于 2013-10-16T10:09:04.957 回答
1

我完全同意@opalenzuela。1.我必须编辑:见http://php.net/manual/de/book.pdo.php

和 2. 您还错过了成员资格类型之后的“,”,并且您的最后一个“)”不是字符串的一部分,因为它应该是。

所以正确的代码是:

<?php 
session_start(); // Start session first thing in script
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Connect to the MySQL database  
include "storescripts/connect_to_mysql.php"; 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org /TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<?php

//let's create the query
$insert_query = "INSERT INTO order (".
"name,".
"email_address,".
"membership_type,".
"terms_and_conditions,".
"name_on_card,".
"credit_card_number,".
"credit_card_expiration_data,".
") values 
(".
"'" . $_POST['name'] . "', ".
"'" . $_POST['email_address'] . "',".
"'" . $_POST['membership_type'] . "',".
"'" . $_POST['terms_and_conditions'] . "',".
"'" . $_POST['name_on_card'] . "',".
"'" . $_POST['credit_card_number'] . "',".
"'" . $_POST['credit_card_expiration'] ."')";

//let's run the query
mysql_query($insert_query);

?>
</body>
</html>

下一个建议是将您的 $_POST 值放入变量中,这样更容易阅读。此外,如果您换行,则不必附加字符串,只需继续编写即可。在此之后,您的代码将如下所示:

<?php 
session_start(); // Start session first thing in script
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Connect to the MySQL database  
include "storescripts/connect_to_mysql.php"; 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org /TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<?php

$name                   = $_POST['name'];
$email_address          = $_POST['email_address'];
$membership_type        = $_POST['membership_type'];
$terms_and_conditions   = $_POST['terms_and_conditions'];
$name_on_card           = $_POST['name_on_card'];
$credit_card_number     = $_POST['credit_card_number'];
$credit_card_expiration = $_POST['credit_card_expiration'];

//let's create the query
$insert_query = "INSERT INTO order (
    name
    email_address,
    membership_type,
    terms_and_conditions,
    name_on_card,
    credit_card_number,
    credit_card_expiration_data
) values (
    '$name',
    '$email_address',
    '$membership_type',
    '$terms_and_conditions',
    '$name_on_card',
    '$credit_card_number',
    '$credit_card_expiration')";

//let's run the query
mysql_query($insert_query);

?>
</body>
</html>
于 2013-10-16T10:16:48.270 回答
0

The code should be

"'" . $_POST['credit_card_expiration'] ."')";

instead of 

"'" . $_POST['credit_card_expiration'] ."',".);

Try this,

 $insert_query = "INSERT INTO order (
                        name,
                        email_address,
                        membership_type,
                        terms_and_conditions,
                        name_on_card,
                        credit_card_number,
                        credit_card_expiration_data) 
                        values (".
                        "'" . $_POST['name'] . "', ".
                        "'" . $_POST['email_address'] . "',".
                        "'" . $_POST['membership_type'] . "',".
                        "'" . $_POST['terms_and_conditions'] . "',".
                        "'" . $_POST['name_on_card'] . "',".
                        "'" . $_POST['credit_card_number'] . "',".
                        "'" . $_POST['credit_card_expiration'] ."')";
于 2013-10-16T10:12:39.423 回答
0

您的查询在最后一个值之后有一个值分隔符(逗号),它也没有结束括号。改变 :

"'" . $_POST['credit_card_expiration'] ."',".);


"'" . $_POST['credit_card_expiration'] ."')");
于 2013-10-16T10:09:48.257 回答
0

改变

"'" . $_POST['credit_card_expiration'] ."',".);

有了这个

"'" . $_POST['credit_card_expiration'] ."')";

并且不要使用mysql_*函数,扩展名已被弃用

编辑:

并在后面加逗号membership_type!!我忘记了

于 2013-10-16T10:09:11.877 回答
0

为什么你有."',".最后?

"'" . $_POST['credit_card_expiration'] ."',".);
                                            ^ create an error
"'" . $_POST['credit_card_expiration']);

此外,当连接无用时,您可以使用它。.仅在为 axample 连接变量和字符串时使用

$insert_query = "INSERT INTO order (
name,
email_address,
membership_type,
terms_and_conditions,
name_on_card,
credit_card_number,
credit_card_expiration_data) 
values ('"
.$_POST['name']."','"
.$_POST['email_address'] . "','"
.$_POST['membership_type'] . "','"
.$_POST['terms_and_conditions'] . "','"
.$_POST['name_on_card'] . "','"
.$_POST['credit_card_number'] . "','"
.$_POST['credit_card_expiration']);
于 2013-10-16T10:10:51.760 回答
0

我已经修改了你的查询,试试这个,

                 $insert_query = "INSERT INTO order (
    'name',
    'email_address',
    'membership_type',
    'terms_and_conditions'
    'name_on_card'
    'credit_card_number',
    'credit_card_expiration_data')values ('".$_POST["name"]."','".$_POST["email_address"]."','".$_POST["membership_type"]."','".$_POST["terms_and_conditions"]."','".$_POST["name_on_card"]."','".$_POST["credit_card_number"]."','".$_POST["credit_card_expiration"]."')";
于 2013-10-16T10:32:26.607 回答