无法从表单将数据发送到mysql [英] Cannot send the data into mysql from form
问题描述
我正在尝试从表单发送数据,但是它发送的是名称而不是输入框的值.文件正确上传,输入框名称也上传,但我需要输入值.
I am trying to send data from form but its sending the name in stead of value of the input box. File is uploading properly and the input box name is uploading too but I need to put the values.
<form action="intern.php" enctype="multipart/form-data" method="post" autocomplete="off">
<h3 class="register-heading">Want to be a <strong>learner Bee</strong>?</h3>
<div class="row register-form">
<div class="col-md-6">
<div class="form-group">
<input type="text" class="form-control" name="iname" placeholder="Your Certificates name" value="" required />
</div>
<div class="form-group">
<input type="text" class="form-control" maxlength="14" minlength="10" name="icon" placeholder="Your 24/7 opened Phone Number" value="" required />
</div>
<div class="form-group">
<input type="text" class="form-control" name="ildegree" placeholder="University you are graduating from" value="" required />
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="iaboutus" placeholder="What you know about us!" value="" required ></textarea>
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="iaddress" placeholder="Your present address " value="" required ></textarea>
</div>
<div class="form-group" >
<label class="form-control" for="iapply"><input name="icvfile" style=" border: 0; clip: rect(1px, 1px, 1px, 1px); height: 1px; margin: -1px; overflow: hidden; padding: 0; position: absolute; width: 1px;" type="file" name="" id="iapply" accept=".doc, .docx, .pdf, .png, .jpg, . ppt, .pptx" required>Click here to upload your CV</label>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<input class="form-control" name="inname" placeholder="Nick Name you like to called by" value="" required />
</div>
<div class="form-group">
<input type="email" name="iemail" class="form-control" placeholder="Your own mostly used Electronic mail" value="" required />
</div>
<div class="form-group">
<select class="form-control" name="icontrib" required>
<option class="hidden" selected disabled>How you can contribute us?</option>
<option>Graphic Design</option>
<option>Sales</option>
<option>Creative Idea Generation</option>
</select>
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="ixp" placeholder="Your past working experience in short" value="" required ></textarea>
</div>
<div class="form-group">
<textarea type="text" class="form-control" name="ifgoal" placeholder="Where you want to see yourself after 10 years!" value="" required ></textarea>
</div>
<input type="submit" class="btnRegister" name="isubmit" value="Submit"/>
</div>
</div>
</form>
上方是我需要填写的表格.只是卡在某个地方,无法找到.
Upper one is the form that I need to filled. Just stuck somewhere, cannot find out.
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
header("Location: https://teambbc.asia/error.html");
}
$sql = "INSERT INTO Intern (Name, Contact, University, AboutUs, Address, NickName, Email, Contribution, Experience, FutureGoal) VALUES ('iname', 'icon', 'ildegree', 'iaboutus', 'iaddress', 'inname', 'iemail', 'icontrib', 'ixp', 'ifgoal')";
//Filename upload
$user=$_POST['inname'];
$cont=$_POST['icon'];
//$filename=basename($_FILES["file"]["name"]);
$tmp=$_FILES["icvfile"]["tmp_name"];
$extension = explode("/", $_FILES["icvfile"]["type"]);
$name=$user.".".$extension[1];
move_uploaded_file($tmp, "recruitment_cv/" . $user. "-" .$cont .".".$extension[1]);
if (mysqli_query($conn, $sql)) {
header("Location: https://teambbc.asia/congratulations.html");
} else {
echo "Error: " . $sql . "" . mysqli_error($conn);
header("Location: https://teambbc.asia/error.html");
}
$conn->close();
}
我与数据库的连接很好,我没有考虑这一点.
My connnection with database is okey, I am not thinking about that one.
推荐答案
您的问题:
您要插入 String 的[ ref ]而不是 Variable 的[
Your Problem:
You are inserting Strings [ref] rather than Variables [ref] in to your SQL.
请参阅:
$sql = "INSERT INTO Intern (Name, Contact, University, .... )
VALUES ('iname', 'icon', 'ildegree', .... )";
'quotes'中的值是MySQL字符串文字.这些值为 NOT PHP变量.因此,无论您向PHP提供什么可变数据,它们都将是相同的.
The values in 'quotes' are MySQL string literals. These values are NOT PHP variables. So they will be the same, no matter what variable data you give to PHP.
要解决此问题,您需要了解当您提交表格超全局变量$_POST/$_GET和$_REQUEST填充有表单数据.
To fix this, you need to understand that when you submit a form the superglobals $_POST/$_GET and $_REQUEST are populated with the form data.
示例:
HTML:
<form action="intern.php" enctype="multipart/form-data" method="post" autocomplete="off">
<input type="text" class="form-control" name="iname" placeholder="Your Certificates name" value="" required />
<input type='submit' value='Button to submit the form'>
</form>
PHP:
if(!empty($_POST['iname'])){
print_r($_POST['iname']); // This will output the value entered into the form for the iname form element.
}
因此将其应用于您的SQL:
您需要非常基础将您的strings转换为variables:
So Applying This To Your SQL:
You need to at a very basic level turn your strings into variables:
$sql = "INSERT INTO Intern (Name, Contact, University, .... )
VALUES ('".$_POST['iname']."', '".$_POST['icon']."', '".$_POST['ildegree']."', .... )";
但是:
这是完全不安全的.
您绝不能信任用户提交的数据. 永远.
YOU MUST NEVER, EVER TRUST USER SUBMITTED DATA. EVER.
By using Prepared Statements; either PDO or MySQLi.
我的示例将使用面向对象的MySQLi预准备语句:
My example here will use Object Orientated MySQLi Prepared Statements:
$sql = "INSERT INTO Intern (Name, Contact, University) VALUES (?,?,?)";
$insert = $conn->prepare($sql);
/***
* See https://www.php.net/manual/en/mysqli-stmt.bind-param.php
* You can add multiple values at once:
***/
$insert->bind_param("sss", $_POST['iname'],$_POST['icon'],$_POST['ildegree']);
$insert->execute();
这将安全,轻松地将数据(例如,仅三位数据,但您应该明白这一点)插入数据库中.
This will insert the data (example only three bits of data but you should get the idea), safely and easily into your database.
由于简单性和冗长性,我错过了很多东西,因此您应该继续阅读如何熟练使用PDO/MySQLi .
There is a lot I have missed out for simplicity and verboseness, so you should read up on how to use PDO/MySQLi proficiently.
- One
?in the SQL string for each placeholder. - One value letter in the
bind_paramfor each placeholder value. The value, and the corresponding value letter (i,s,d,b) MUST match the SQL column type (you can't insert string-type (s) values into integer-type columns (INT,TINYINT, etc.). - In MySQLi order is important, the first
?will relate to the firstbind_paramvalue (in the example codeblock above,$_POST['iname']).
您的某些MySQL PHP代码使用过程交互和功能-而您的某些MySQL PHP代码使用面向对象的交互和功能.这些内容不能混用,会给您带来错误和不一致之处.
Some of your MySQL PHP code uses procedural interactions, and functions - and some of your MySQL PHP code uses Object Orientated interactions and functions. These CAN NOT BE MIXED and will result in errors and inconsistencies for you.
始终使用对象定向的PHP/MYSQL交互 参考
面向对象的交互使用->语法.
Objct orientated interactions use the -> syntax.
您有:
if ($conn->connect_error) {
error_log("Connection failed: " . $conn->connect_error);
header("Location: https://teambbc.asia/error.html");
}
这是面向对象的.这是最好的.
This is Object Orientated. This is best.
但是:
mysqli_query($conn, $sql);
这是程序性的.这不是最好的.此行的OO版本为$var = $conn->query($sql).
This is Procedural. This is not best. The OO version of this line would be $var = $conn->query($sql).
Do not use
dieto output error messages to the screen, error messages should always be output to the error log file.
在使用header("Location: ... ");时,必须始终在其后放置die()或exit:
When using header("Location: ... "); you must always put die() or exit afterwards:
示例:
if ($conn->connect_error) {
error_log("Connection failed: " . $conn->connect_error);
header("Location: https://teambbc.asia/error.html");
exit;
}
这篇关于无法从表单将数据发送到mysql的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
