PHP表单不能插入mySQL数据库 [英] PHP form not inserting into mySQL database
问题描述
我试图从表单中将两个文本字段拖入基本的MySQL数据库,这给我带来了麻烦。所以这里是我的两个文件,首先是HTML表单:
<!DOCTYPE html>
< html>
< body>
< title>主页< / title>
< h3>请在下方下订单:< / h3>
< form action =tacoOrder.phpmethod =POST/>
< p>名称:< input type =textname =name/>< / p>
< p> Taco订单:< input type =textname =tacoOrder/>< / p>
< input type =submitvalue =Submit/>
< / form>
< / body>
< / html>
和PHP:
<?php
define('DB_NAME','tacoPractice');
define('DB_USER','root');
define('DB_PASS','root');
define('DB_HOST','localhost');
$ link = mysql_connect(DB_HOST,DB_USER,DB_PASS);
$ b $ if if(!$ link)
{
die('Could not connect to database:'。mysql_error());
}
$ db_select = mysql_select_db(DB_NAME);
$ b $如果(!$ db_select)
{
die('不能使用'.DB_NAME'':'。mysql_error());
}
回声HOLY EFF;
$ name = $ _POST('name');
$ tacoOrder = $ _POST('tacoOrder');
$ query =INSERT INTO orders('name','tacoOrder')VALUES('{$ name}','{$ tacoOrder}');
if(!mysql_query($ query)
{
die(DAMMIT);
}
$ mysql_close();
?>
它没有给出连接错误,但没有插入数据进入我的数据库。任何想法?
谢谢。
已经给了你答案了,补充一下,你在列名周围使用了引号,这些引用应该反引号或者完全删除引号。
更改:
INSERT INTO订单('name','tacoOrder')
^ ^ ^ ^
$ b 到
INSERT INTO orders(`name`,`` tacoOrder`)
或
INSERT INTO订单(名称,tacoOrder)
或作为完整答案:
$ name = $ _POST ['name'];
$ tacoOrder = $ _POST ['tacoOrder'];
$ query =INSERT INTO or ders(`name`,`tacoOrder`)VALUES('$ name','$ tacoOrder');
旁注:不需要反引号,但不能使用列名的单引号。这只是一种习惯,我自己在列名中使用反引号。
另外,这个 $ mysql_close(); 不应该在 mysql_close 但 $ link $ c>在括号内:
更改为 mysql_close($ link);
然而正如Alien先生所指出的那样, mysql_close( ) 是可选的(感谢您)
您还有一个缺少)应该读作 if(!mysql_query($ query))中的$ c> >
请考虑使用预处理语句或PDO切换到 mysqli _ * 函数。 mysql_ * 函数已被弃用,并将从未来版本中删除。
完全重写:
$ p $ <?php
define('DB_NAME','tacoPractice');
define('DB_USER','root');
define('DB_PASS','root');
define('DB_HOST','localhost');
$ link = mysql_connect(DB_HOST,DB_USER,DB_PASS);
$ b $ if if(!$ link)
{
die('Could not connect to database:'。mysql_error());
}
$ db_select = mysql_select_db(DB_NAME);
$ b $如果(!$ db_select)
{
die('不能使用'.DB_NAME'':'。mysql_error());
}
回声HOLY EFF;
$ name = $ _POST ['name'];
$ tacoOrder = $ _POST ['tacoOrder'];
$ query =INSERT INTO orders(name,tacoOrder)VALUES('$ name','$ tacoOrder');
if(!mysql_query($ query))
{
die(DAMMIT);
}
else {echo成功; }
mysql_close();
?>
您也可以使用稍微不同的此方法:
$ query = mysql_query(INSERT INTO orders(name,tacoOrder)VALUES('$ name','$ tacoOrder'));
if(!$ query){
die('Invalid query:'。mysql_error());
}
else {echo成功; }
脚注
您在获取空数据条目方面存在风险,因为您没有检查表单元素是否为空。
你可以使用一个条件语句来表达:
if(!empty($ _ POST ['name'])|| ($ _ POST ['tacoOrder']))
{
//继续处理代码
}
另外,使用Awlad在 中提到的答案关于使用 mysql_real_escape_string()
您也可以在这里阅读一篇好文章SO 如何防止PHP中的SQL注入?
这是一个基本的 mysqli _ * 方法,其中 mysqli_real_escape_string()函数和一个条件语句来检查是否有任何字段是em如果其中一个字段留空,查询将不会执行。
>
<?php
define('DB_NAME','tacoPractice');
define('DB_USER','root');
define('DB_PASS','root');
define('DB_HOST','localhost');
$ link = mysqli_connect(DB_HOST,DB_USER,DB_PASS);
$ b $ if if(!$ link)
{
die('无法连接到数据库:'。mysqli_error());
}
$ db_select = mysqli_select_db($ link,DB_NAME);
$ b $ if if(!$ db_select)
{
die('不能使用'.DB_NAME'':'。mysqli_error());
}
回声HOLY EFF;
$ name = mysqli_real_escape_string($ link,$ _ POST ['name']);
$ tacoOrder = mysqli_real_escape_string($ link,$ _ POST ['tacoOrder']);
$ b $ if(!empty($ _ POST ['name'])||!empty($ _ POST ['tacoOrder'])){
$ query =INSERT INTO订单(名称,tacoOrder)VALUES('$ name','$ tacoOrder');
if(!mysqli_query($ link,$ query))
{
die(DAMMIT);
}
else {echo成功; }
mysqli_close($ link);
}
?>
I am trying to pull two text fields from a form down into a basic mySQL DB and it is giving me trouble. So here are my two files, HTML form first:
<!DOCTYPE html>
<html>
<body>
<title>Home Page</title>
<h3>Please Place your Order Below:</h3>
<form action="tacoOrder.php" method="POST" />
<p>Name: <input type="text" name="name" /></p>
<p>Taco Order: <input type="text" name="tacoOrder" /></p>
<input type="submit" value="Submit" />
</form>
</body>
</html>
and PHP:
<?php
define('DB_NAME', 'tacoPractice');
define('DB_USER', 'root');
define('DB_PASS', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if(!$link)
{
die('Could not connect to database: ' . mysql_error());
}
$db_select = mysql_select_db(DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
echo "HOLY EFF";
$name = $_POST('name');
$tacoOrder = $_POST('tacoOrder');
$query = "INSERT INTO orders ('name', 'tacoOrder') VALUES ('{$name}', '{$tacoOrder}')";
if(!mysql_query($query)
{
die("DAMMIT");
}
$mysql_close();
?>
It doesn't give a connection error, but no data is inserted into my DB. Any ideas?
Thanks.
Others have already given you answers. To add, you are using quotes around column names which should be backticks or remove the quotes altogether.
Change:
INSERT INTO orders ('name', 'tacoOrder')
^ ^ ^ ^
to
INSERT INTO orders (`name`, `tacoOrder`)
or
INSERT INTO orders (name, tacoOrder)
or as a complete answer:
$name = $_POST['name'];
$tacoOrder = $_POST['tacoOrder'];
$query = "INSERT INTO orders (`name`, `tacoOrder`) VALUES ('$name', '$tacoOrder')";
Sidenote: Backticks are not required but the single quotes for the column names cannot be used. It's just a force of habit that I myself use backticks around column names.
Plus, this $mysql_close(); should not have a $ in front of mysql_close but $link inside the brackets:
Change to mysql_close($link);
Yet as noted by Mr. Alien, the variable for mysql_close() is optional (Thanks for that)
You also have a missing ) in if(!mysql_query($query) which should read as if(!mysql_query($query))
Do consider switching to mysqli_* functions with prepared statements or PDO. The mysql_* functions are deprecated and will be deleted from future releases.
complete rewrite: (tested and working on my server)
<?php
define('DB_NAME', 'tacoPractice');
define('DB_USER', 'root');
define('DB_PASS', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if(!$link)
{
die('Could not connect to database: ' . mysql_error());
}
$db_select = mysql_select_db(DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
echo "HOLY EFF";
$name = $_POST['name'];
$tacoOrder = $_POST['tacoOrder'];
$query = "INSERT INTO orders (name, tacoOrder) VALUES ('$name', '$tacoOrder')";
if(!mysql_query($query))
{
die("DAMMIT");
}
else{ echo "Success"; }
mysql_close();
?>
You could also use this method which is slightly different:
$query = mysql_query("INSERT INTO orders (name, tacoOrder) VALUES ('$name', '$tacoOrder')");
if (!$query) {
die('Invalid query: ' . mysql_error());
}
else{ echo "Success"; }
Footnotes:
You risk in getting empty data entries because you are not checking if your form elements are left empty.
You could use a conditional statement to the effect of:
if(!empty($_POST['name']) || !empty($_POST['tacoOrder']))
{
// continue with code processing
}
Plus, use what Awlad mentions in his answer in regards to using mysql_real_escape_string()
You can also read a good article here on SO How can I prevent SQL injection in PHP?
Here is a (basic) mysqli_* based method with the mysqli_real_escape_string() function and a conditional statement to check if any of the fields are empty.
If one of the fields is left empty, the query won't execute.
<?php
define('DB_NAME', 'tacoPractice');
define('DB_USER', 'root');
define('DB_PASS', 'root');
define('DB_HOST', 'localhost');
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASS);
if(!$link)
{
die('Could not connect to database: ' . mysqli_error());
}
$db_select = mysqli_select_db($link,DB_NAME);
if(!$db_select)
{
die('Can\'t use ' . DB_NAME . ': ' . mysqli_error());
}
echo "HOLY EFF";
$name = mysqli_real_escape_string($link,$_POST['name']);
$tacoOrder = mysqli_real_escape_string($link,$_POST['tacoOrder']);
if(!empty($_POST['name']) || !empty($_POST['tacoOrder'])){
$query = "INSERT INTO orders (name, tacoOrder) VALUES ('$name', '$tacoOrder')";
if(!mysqli_query($link,$query))
{
die("DAMMIT");
}
else{ echo "Success"; }
mysqli_close($link);
}
?>
这篇关于PHP表单不能插入mySQL数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
