1. 首页
  2. 问答
  3. 表单说它的发送,但没有数据显示在数据库中

表单说它的发送,但没有数据显示在数据库中

2014-12-04 83 views
0

我是PHP新手,仍然试图让我的头围绕它。这种形式表示数据已经发送到数据库,但是当我看到数据库是空的,没有错误出现?我的代码有问题吗?表单说它的发送,但没有数据显示在数据库中

注意:我知道这个表单不受SQL注入保护。

HTML

<?php 
session_start(); 
?> 
<!DOCTYPE HTML> 
<html> 
    <head> 
     <title>Page Form</title> 
     <link rel="stylesheet" href="style.css" /> 
    </head> 
    <body> 
     <div class="container"> 
      <div class="main"> 
       <h2>PHP Page 3 Form</h2><hr/> 
       <span id="error"> 

       </span> 
       <form action="page4_insertdata.php" method="post"> 

        <label>Company Name :<span>*</span></label><br /> 
        <input name="company_name" type="text" placeholder="Joes Cleaner" required> 
        <br /> 

        <label>Ref :<span>*</span></label><br /> 
        <input name="ref" type="text" placeholder="H123" required> 
        <br /> 

        <label>Website :<span>*</span></label><br /> 
        <input name="website" type="text" placeholder="www.google.com" required> 
        <br /> 

        <label>Email :<span>*</span></label><br /> 
        <input name="email" type="email" placeholder="[email protected]" required> 
        <br /> 

        <label>Telephone :<span>*</span></label><br /> 
        <input name="tel" type="text" placeholder="07123456789" required> 
        <br /> 

        <label>Message :<span>*</span></label><br /> 
        <input name="message" id="message" type="text" size="500" required> 
        <br /> 



        <input type="reset" value="Reset" /> 
        <input name="submit" type="submit" value="Submit" /> 

       </form> 
      </div> 

     </div> 
    </body> 
</html>

PHP

<?php 
session_start(); 
?> 
<!DOCTYPE HTML> 
<html> 
    <head> 
     <title>PHP Multi Page Form</title> 
     <link rel="stylesheet" href="style.css" /> 
    </head> 
    <body> 
     <div class="container"> 
      <div class="main"> 
       <h2>PHP Multi Page Form</h2><hr/> 

       <?php 

          $servername = "localhost"; 
          $db_database = 'form'; 
          $username = "root"; 
          $password = ""; 

          // Create connection 
          $conn = new mysqli($servername, $username, $password); 

          // Check connection 
          if ($conn->connect_error) { 
           die("Connection failed: " . $conn->connect_error); 
          } 
          echo "DB Connected successfully. "; 


          $company_name = $_POST['company_name']; 
          $ref = $_POST['ref']; 
          $website = $_POST['website']; 
          $email = $_POST['email']; 
          $tel = $_POST['tel']; 
          $message = $_POST['message']; 


          $sql = "INSERT INTO detail (company_name,ref,website,email,tel,message) 
          VALUES ('$company_name','$ref','$website','$email','$tel','$message')"; 

          if($sql){ 
          echo " Database Sent."; 
          } 
          else { 
          echo "ERROR to insert into database"; 
          }; 
       ?> 
      </div> 

     </div> 
    </body> 
</html>

来源

2014-12-04 jl5660

+2

你是不是真正执行查询。 – 2014-12-04 16:08:38

+0

**危险**:您很容易[SQL注入攻击](http://bobby-tables.com/)**,您需要[防御](http://stackoverflow.com/questions/ 60174/best-way-to-prevent-sql -injection-in-php)自己从。 – Quentin 2014-12-04 16:09:21

+0

我知道我只是想让它首先工作。 – jl5660 2014-12-04 16:10:11

回答

2

更改下面的代码:

if($sql){ 
echo " Database Sent."; 
} 
else { 
echo "ERROR to insert into database"; 
};

要:

$result = $conn->query($sql); 
if($result){ 
    echo " Database Sent."; 
} 
else { 
    echo "ERROR to insert into database"; 
};

这样你实际上是在执行查询和查询的故障检查...

为了使您的查询比较安全,请尝试以下操作:

$sql = " 
    INSERT INTO detail (
     company_name, 
     ref, 
     website, 
     email, 
     tel, 
     message 
    ) 
    VALUES (
     '" . mysqli_real_escape_string($company_name) . "', 
     '" . mysqli_real_escape_string($ref) . "', 
     '" . mysqli_real_escape_string($website) . "', 
     '" . mysqli_real_escape_string($email) . "', 
     '" . mysqli_real_escape_string($tel) . "', 
     '" . mysqli_real_escape_string($message) . "' 
    )";

更好的是,通过替换$sql实例化和查询执行($conn->query())来使用params绑定。第i个以下:

$stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)"); 
$stmt->bind_param('ssssss', $company_name, $ref, $website, $email, $tel, $message); 
$stmt->execute();

您可以通过访问绑定与mysqli的参数读了PHP: mysqli_stmt::bind_param - Manual

完整代码:

<?php 
session_start(); 
?> 
<!DOCTYPE HTML> 
<html> 
    <head> 
     <title>PHP Multi Page Form</title> 
     <link rel="stylesheet" href="style.css" /> 
    </head> 
    <body> 
     <div class="container"> 
      <div class="main"> 
       <h2>PHP Multi Page Form</h2><hr/> 

       <?php 

          $servername = "localhost"; 
          $db_database = 'form'; 
          $username = "root"; 
          $password = ""; 

          // Create connection 
          $conn = new mysqli($servername, $username, $password, $db_database); 

          // Check connection 
          if ($conn->connect_error) { 
           die("Connection failed: " . $conn->connect_error); 
          } 
          echo "DB Connected successfully. "; 

          $stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)"); 
          $stmt->bind_param('ssssss', 
           $_REQUEST['company_name'], 
           $_REQUEST['ref'], 
           $_REQUEST['website'], 
           $_REQUEST['email'], 
           $_REQUEST['tel'], 
           $_REQUEST['message'] 
          ); 

          if($stmt->execute()) { 
           echo " Database Sent."; 
          } else { 
           echo "ERROR to insert into database: " . $stmt->error; 
          }; 
       ?> 
      </div> 

     </div> 
    </body> 
</html>

来源

2014-12-04 16:10:32 RichardBernards

0

你的arent实际发送的查询,你设定的变量$ sql =“INSERT .....” 这总是如此。

你需要做的:

$result = $mysqli->query($sql); 


if ($result......)

来源

2014-12-04 16:10:58 bart2puck

相关问题

 相关问题