如何将信息从HTML表单写入MySQL数据库 [英] How to write information from html form to MySQL Database

问题描述

好吧，所以我要建立一个上面有表格的网站，我想将用户键入的所有信息保存到我的MySQL数据库中.表单的编码如下:

Alright, so I'm setting up a website that has a form on it and I want to save all the information that the user types into the form to my MySQL Database. The form is coded like this:

<form method="post" action="claim.php" name="ClaimForm" id="ClaimForm" autocomplete="on">
    <fieldset>
        <legend>Contact Details</legend>
        <div>
            <label for="firstname" accesskey="U">Your First Name</label>
            <input name="firstname" type="text" id="firstname" placeholder="Enter your name" required />
        </div>
        <div>
            <label for="lastname" accesskey="U">Your Last Name</label>
            <input name="lastname" type="text" id="lastname" placeholder="Enter your name" required />
        </div>
        <div>
            <label for="email" accesskey="E">Email</label>
            <input name="email" type="email" id="email" placeholder="Enter your Email Address" pattern="^[A-Za-z0-9](([_\.\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\.\-]?[a-zA-Z0-9]+)*)\.([A-Za-z]{2,})$" required />
        </div>
        <div>
            <label for="streetaddress">Street Address</label>
            <input name="streetaddress" type="text" id="streetaddress" placeholder="123 Stanley dr." required />
        </div>
        <div>
            <label for="postalcode">Postal Code</label>
            <input name="postalcode" type="text" id="postalcode" placeholder="12345, A1B 2C3, etc." required />
        </div>
        <label for="city">City</label>
        <input name="city" type="text" id="city" placeholder="Schenectady" required />
        <div>
            <label for="state">State/Province</label>
            <input name="state" type="text" id="state" placeholder="New York" required />
        </div>
        <div>
            <label for="country">Country</label>
            <input name="country" type="text" id="country" placeholder="United States" required />
        </div>
    </fieldset>
    <fieldset>
        <legend>Extra</legend>
        <div>
            <label for="controllers" accesskey="S">Number of Controllers</label>
            <select name="controllers" id="controllers" required="required">
                <option value="0">0</option>
                <option value="1">1</option>
                <option value="2">2</option>
                <option value="3">3</option>
                <option value="4">4</option>
                <option value="5">5</option>
            </select>
        </div>
        <div>
            <label for="color" accesskey="C">Color</label>
            <select name="color" id="color" required="required">
                <option value="Black">Black</option>
                <option value="White">White</option>
                <option value="Red">Red</option>
                <option value="Blue">Blue</option>
                <option value="Gold">Gold</option>
                <option value="Purple">Purple</option>
            </select>
        </div>
    </fieldset>
    <fieldset>
        <legend>Captcha Verification</legend>
        <label for="verify" accesskey="V" class="verify"><img src="captcha.php" alt="Verification code" /></label>
        <input name="verify" type="text" id="verify" size="6" required style="width: 50px;" title="This confirms you are a human user and not a spam-bot." />
    </fieldset>
    <input type="submit" class="submit" id="submit" value="Submit" />
</form>

我尝试在Claim.php中使用以下代码尝试将其保存到数据库中:

I tried using this code in Claim.php to try and save that to the database:

<?php
$mysql_host     = "localhost";
$mysql_username = "username";
$mysql_password = "password";
$mysql_database = "database";

mysql_select_db($mysql_database, mysql_connect($mysql_host, $mysql_username, $mysql_password));
//Sending form data to sql db.
mysqli_query("INSERT INTO Information (Firstname,Lastname,Email,StreetAddress,PostalCode,City,StateProvince,Country,Controllers,Color) VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[email]','$_POST[streetaddress]','$_POST[postalcode]','$_POST[city]','$_POST[state]','$_POST[country]','$_POST[conrollers]','$_POST[color]'))");
?>

我的代码有什么问题吗?还是我的数据库结构错误?我刚刚开始学习如何编码，这使我感到困惑.

Is there anything wrong with my code? Or is my database structured wrong? I just started learning how to code and this is confusing me.

我的数据库结构图:

推荐答案

请使用mysqli.我已经更改了您的代码以准备插入.

Please use mysqli. I have altered your code to prepare the insert instead.

如果不这样做，那将是一个巨大的SQL注入派对.

If you didn't, it would be a huge SQL injection party.

此外，要访问$_POST，您应该提供一个字符串索引，例如$_POST['firstname'].尽管它像$_POST[firstname]一样工作，但是PHP会发出警告.

Also, to access $_POST, you should give a string index, like $_POST['firstname']. Though it works like $_POST[firstname], PHP will emit a warning.

<?php
$mysql_host     = "localhost";
$mysql_username = "username";
$mysql_password = "password";
$mysql_database = "database";

$mysqli  = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database);
$prepare = $mysqli->prepare("INSERT INTO `Information`(`Firstname`,`Lastname`,`Email`,`StreetAddress`,`PostalCode`,`City`,`StateProvince`,`Country`,`Controllers`,`Color`) VALUES (?,?,?,?,?,?,?,?,?,?)");
$prepare->bind_param("ssssssssss", $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['streetaddress'], $_POST['postalcode'], $_POST['city'], $_POST['state'], $_POST['country'], $_POST['controllers'], $_POST['color']);
$prepare->execute();
$mysqli->close();
?>

这篇关于如何将信息从HTML表单写入MySQL数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！