MYSQL没有向我的数据库添加信息 [英] MYSQL isn't adding info to my database
问题描述
我有一个表单,我用它来向数据库添加信息,但查询将无法正常运行,并且根本没有添加信息。
I have a form that I am using to add information to a database, but the query will not run properly and the information is not being added at all.
这是我试图执行的php代码,但是它会一直发出第一个错误或完全转到最后一个else语句:
This is the php code I am trying to execute, but it keeps hitting the first error or completely going to the last else statement:
<?php
if (!isset ($_POST['submit']))
{
include ("add_contact.php");
}
else
{
$name = $_POST['Name'];
$phone_num = $_POST['main_num'];
$sec_num = $_POST['sec_num'];
$email = $_POST['email'];
$cus_type=$_POST['cusType'];
$business = $_POST['business'];
$address = $_POST['address'];
$service = $_POST['service'];
$notes = $_POST['comment'];
include ("dbcon.php");
fopen ("dbcon.php", "r"); //used because of bad experiences prior with include() only
if ($cus_type == 'Corporate'){
$result = mysqli_query($connect,"INSERT INTO customers WHERE ('$name', '$phone_num', '$cus_type', '$sec_num', '$email', '$address', '$business', '$service', '$notes') ");
if ($result){
echo "Thank you for adding the Contact to the Database!";
}
else{
echo "ERROR: Corporate Customer Not Added to Database";
}
}
else if ($cus_type == 'Private'){
$result = mysqli_query($connect,"INSERT INTO private_customers WHERE ('$name', '$phone_num', '$cus_type', '$sec_num', '$email', '$address', '$business', '$service', '$notes') ");
if ($result){
echo "Thank you for adding the Contact to the Database!";
}
else{
echo "ERROR: Private Customer Not Added to Database";
}
}
else{
echo "Contact Invalid. Please Try Again.";
}
}
?>
任何评论或答案都有助于发现我的代码中出现了什么问题。还要注意,这是一个公司的内部网站,这里没有人(除了告诉我这个的人)知道MYSQL和PHP。
Any comments or answers would be helpful to spot what is going wrong in my code. Also just a note, this is for an internal website for a company and no one here (besides the one who told me to make this) knows MYSQL and PHP.
推荐答案
你有无效的插入语法这是有效的语法
you have invalid insert syntax this is the valid syntax
INSERT INTO customers (field1, field2) VALUES (val1, val2);
你也有一个严重的sql注入vunerability ..你应该看这里寻求帮助
also you have a serious sql injection vunerability.. you should look HERE for help on that
我建议你使用参数化查询和准备好的语句......这个 SO POST 很好地涵盖了它
I would recommend you use parameterized queries and prepared statements... this SO POST covers it nicely
所以我不是只在这里提供链接答案是示例你应该做什么
just so i'm not only providing a link only answer here is a sample of what you should do
$mysqli = new mysqli("server", "username", "password", "database_name");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$qry = $mysqli->prepare('INSERT INTO customers (name, phone, type, section, email, address, business, service, notes) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
$qry->bind_param('s', $name, $phone_num, $sec_num, $email, $cus_type, $business, $address, $service, $notes);
// can do it in one statement rather than multiples..
//$qry->bind_param('s', $name);
//$qry->bind_param('s', $phone_num);
//$qry->bind_param('s', $sec_num);
//$qry->bind_param('s', $email);
//$qry->bind_param('s', $cus_type);
//$qry->bind_param('s', $business);
//$qry->bind_param('s', $address);
//$qry->bind_param('s', $service);
//$qry->bind_param('s', $notes);
$qry->execute();
$qry->close();
EDIT2:
你必须是新的编程..你的if()语句将永远执行...意味着你总是要插入数据库..这就是为什么..
you must be new to programming.. your if() statement will ALWAYS get executed... meaning you are always going to insert into the database.. this is why..
if($ cus_type = $ _POST ['Corporate']){
这里$ cus_type等于其他名称 $ _ POST ['cusType' ] 但是在if语句中你将它分配给$ _POST ['Corporate'] ...它总是会执行,因为它是一个真正的语句..
这就是if语句被执行的方式逻辑上..
if ($cus_type = $_POST['Corporate']){
here $cus_type is equal to something else aka $_POST['cusType'] but in the if statement you are assigning it to $_POST['Corporate']... which will always execute because its a true statement..
this is how if statements get executed logically..
if(boolean statement){
//executes when true
};
if(true){
//always executes
};
if('a' == 'b'){
//will not execute
};
$a = 'a';
$b = 'b';
if($a == $b){
//will not execute
};
if($a = $b){
//will always execute because its assigning the value which is a boolean true statement.
};
这篇关于MYSQL没有向我的数据库添加信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
