添加新的mySQL表行与PHP不工作 [英] adding new mySQL table row with PHP doesn't work
问题描述
我有一个小形式:
<form id="plannerform" action="save.php" method="post">
<input id="plannername" placeholder=" " type="text" autocomplete="off" name="plannername">
<input id="plannersubmit" type="submit" value="eintragen">
</form>
可以看到 action =save.php
和 method =post
在文本输入上有 name =plannername 。
As you can see there is the action="save.php"
and method="post"
on the text-input there is name="plannername"
.
这是我的php:
$con = mysql_connect("myHost","myUser","myPW");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("myDB", $con);
$sql="INSERT INTO anmeldungen (FR_PM)
VALUES ('$_POST[plannername]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
FR_PM
。但是当我按提交,甚至不创建一个新行。什么都没发生。
但是当我使用mywebsite.com/save.php调用我的php时,它在我的表中添加了一个新行(FR_PM没有值,这很明显)
The FR_PM
is one column of my table. But when I press submit, not even a new row gets created. Nothing happens.
But when I call my php with "mywebsite.com/save.php" it adds a new row in my table (with no value at "FR_PM", what's pretty obvious)
我做错了什么?
推荐答案
您需要学习的一件事初学者,你应该尽量避免使用 mysql _ *
函数这是贬值,它不再支持在php。而是使用 mysqli _ *
与预准备的语句,或使用PDO准备的语句。
one of the things that you need to learn if you are a beginner, you should try by all means to stay away from using mysql_*
function this is depreciated and its no longer supported in php. instead use mysqli_*
with prepared statements, or use PDO prepared statements.
准备的statings使你的代码看起来干净,它很容易调试。
prepared statments make you code looks clean and its easy to debug.
这是你准备好的语句的例子。
this is you example with prepared statements.
<form id="plannerform" action="save.php" method="post">
<input id="plannername" placeholder=" " type="text" autocomplete="off" name="plannername">
<input id="plannersubmit" type="submit" value="eintragen" name="submit">
</form>
ave.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_POST['submit'])) {
if (empty($_POST['plannername'])) {
die("Enter plannername");
} else {
// prepare and bind
$stmt = $conn->prepare("INSERT INTO anmeldungen (FR_PM) VALUES (?)");
$stmt->bind_param("s", $_POST['plannername']);
if ($stmt->execute()) {
echo "New records created successfully";
} else {
echo "Could not insert record";
}
$stmt->close();
}
}
?>
我使用预编译语句的原因:
The reason I used prepared statements :
- 准备的语句减少了解析时间,因为
查询的准备只做一次(尽管语句执行多次
次) - 绑定参数最小化到服务器的带宽,因为您需要每次只发送参数
,而不是整个查询 - 准备的语句对于SQL注入非常有用,因为
参数值,稍后使用不同的
协议传输,不需要正确转义。如果原始语句
模板不是从外部输入派生的,则SQL注入不能
。
但是当我使用mywebsite.com/save.php调用我的php时,它在我的表中添加了一个新行
(在FR_PM没有值,这很明显)
But when I call my php with "mywebsite.com/save.php" it adds a new row in my table (with no value at "FR_PM", what's pretty obvious)
我该怎么办?
如果表单提交之前你可以实际处理任何事情。
Well do prevent that from happening you need to check if the form was submitted before you can actual process any thing.
注意:如果我们要从外部来源插入任何数据数据被清理
并验证。总是将来自表单的输入视为来自非常
危险黑客的输入
这篇关于添加新的mySQL表行与PHP不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!