PHP:将表单中的值插入 MySQL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/37367992/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP: Inserting Values from the Form into MySQL
提问by notrealme
I created a userstable in mysqlfrom the terminal and I am trying to create simple task: insert values from the form. This is my dbConfig file
我从终端创建了一个users表,mysql我正在尝试创建简单的任务:从表单插入值。这是我的dbConfig file
<?php
$mysqli = new mysqli("localhost", "root", "pass", "testDB");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
?>
and This is my Index.php.
这是我的Index.php.
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>test</title>
<?php
include_once 'dbConfig.php';
?>
</head>
<body>
<?php
if(isset($_POST['save'])){
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
}
?>
<form method="post">
<label id="first"> First name:</label><br/>
<input type="text" name="username"><br/>
<label id="first">Password</label><br/>
<input type="password" name="password"><br/>
<label id="first">Email</label><br/>
<input type="text" name="email"><br/>
<button type="submit" name="save">save</button>
<button type="submit" name="get">get</button>
</form>
</body>
</html>
After hitting my save button, nothing happens, database is still empty. I tried echo'ingthe INSERTquery and it takes all values from the form as it is supposed to. After I try to check if this worked from terminal, I login into my sqltry to return all data from users table and I get empty set.
点击我的保存按钮后,没有任何反应,数据库仍然是空的。我尝试echo'ing了INSERT查询,它按照预期从表单中获取所有值。在我尝试从终端检查这是否有效后,我登录sql尝试从用户表中返回所有数据,但我得到了空集。
回答by dimlucas
The following code just declares a string variable that contains a MySQL query:
以下代码仅声明了一个包含 MySQL 查询的字符串变量:
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
It does not execute the query. In order to do that you need to use some functions but let me explain something else first.
它不执行查询。为了做到这一点,你需要使用一些函数,但让我先解释一下其他的东西。
NEVER TRUST USER INPUT: You should never append user input (such as form input from $_GETor $_POST) directlyto your query. Someone can carefully manipulate the input in such a way so that it can cause great damage to your database. That's called SQL Injection. You can read more about it here
永远不要信任用户输入:您永远不应该将用户输入(例如来自$_GET或 的表单输入$_POST)直接附加到您的查询中。有人可以以这种方式小心地操纵输入,从而可能对您的数据库造成很大的损害。这就是所谓的 SQL 注入。你可以在这里阅读更多关于它的信息
To protect your script from such an attack you mustuse Prepared Statements. More on prepared statements here
为了保护您的脚本免受此类攻击,您必须使用准备好的语句。更多关于准备好的声明在这里
Include prepared statements to your code like this:
在您的代码中包含准备好的语句,如下所示:
$sql = "INSERT INTO users (username, password, email)
VALUES (?,?,?)";
Notice how the ?are used as placeholders for the values. Next you should prepare the statement using mysqli_prepare:
请注意如何将?用作值的占位符。接下来,您应该使用mysqli_prepare以下方法准备语句:
$stmt = mysqli_prepare($sql);
Then start binding the input variables to the prepared statement:
然后开始将输入变量绑定到准备好的语句:
$stmt->bind_param("sss", $_POST['username'], $_POST['email'], $_POST['password']);
And finally execute the prepared statements. (This is where the actual insertion takes place)
最后执行准备好的语句。(这是实际插入发生的地方)
$stmt->execute();
NOTEAlthough not part of the question, I strongly advice you to never store passwords in clear text. Instead you should use password_hashto store a hash of the password
注意虽然不是问题的一部分,但我强烈建议您永远不要以明文形式存储密码。相反,您应该使用password_hash来存储密码的哈希值
回答by Syed Muneeb Ul Hasan
There are two problems in your code.
您的代码中有两个问题。
- No action found in form.
- You have not executed the query mysqli_query()
- 未在表单中找到任何操作。
- 您还没有执行查询mysqli_query()
dbConfig.php
配置文件
<?php
$conn=mysqli_connect("localhost","root","password","testDB");
if(!$conn)
{
die("Connection failed: " . mysqli_connect_error());
}
?>
index.php
索引.php
include('dbConfig.php');
<!Doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<title>test</title>
</head>
<body>
<?php
if(isset($_POST['save']))
{
$sql = "INSERT INTO users (username, password, email)
VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";
$result = mysqli_query($conn,$sql);
}
?>
<form action="index.php" method="post">
<label id="first"> First name:</label><br/>
<input type="text" name="username"><br/>
<label id="first">Password</label><br/>
<input type="password" name="password"><br/>
<label id="first">Email</label><br/>
<input type="text" name="email"><br/>
<button type="submit" name="save">save</button>
</form>
</body>
</html>
回答by Dewesh Sinha
Try this:
尝试这个:
dbConfig.php
配置文件
<?php
$mysqli = new mysqli('localhost', 'root', 'pwd', 'yr db name');
if($mysqli->connect_error)
{
echo $mysqli->connect_error;
}
?>
Index.php
索引.php
<html>
<head><title>Inserting data in database table </title>
</head>
<body>
<form action="control_table.php" method="post">
<table border="1" background="red" align="center">
<tr>
<td>Login Name</td>
<td><input type="text" name="txtname" /></td>
</tr>
<br>
<tr>
<td>Password</td>
<td><input type="text" name="txtpwd" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="txtbutton" value="SUBMIT" /></td>
</tr>
</table>
control_table.php
<?php include 'config.php'; ?>
<?php
$name=$pwd="";
if(isset($_POST['txtbutton']))
{
$name = $_POST['txtname'];
$pwd = $_POST['txtpwd'];
$mysqli->query("insert into users(name,pwd) values('$name', '$pwd')");
if(!$mysqli)
{ echo mysqli_error(); }
else
{
echo "Successfully Inserted <br />";
echo "<a href='show.php'>View Result</a>";
}
}
?>
回答by mittal bhatt
<!DOCTYPE html>
<?php
$con = new mysqli("localhost","root","","form");
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<script type="text/javascript">
$(document).ready(function(){
//$("form").submit(function(e){
$("#btn1").click(function(e){
e.preventDefault();
// alert('here');
$(".apnew").append('<input type="text" placeholder="Enter youy Name" name="e1[]"/><br>');
});
//}
});
</script>
</head>
<body>
<h2><b>Register Form<b></h2>
<form method="post" enctype="multipart/form-data">
<table>
<tr><td>Name:</td><td><input type="text" placeholder="Enter youy Name" name="e1[]"/>
<div class="apnew"></div><button id="btn1">Add</button></td></tr>
<tr><td>Image:</td><td><input type="file" name="e5[]" multiple="" accept="image/jpeg,image/gif,image/png,image/jpg"/></td></tr>
<tr><td>Address:</td><td><textarea cols="20" rows="4" name="e2"></textarea></td></tr>
<tr><td>Contact:</td><td><div id="textnew"><input type="number" maxlength="10" name="e3"/></div></td></tr>
<tr><td>Gender:</td><td><input type="radio" name="r1" value="Male" checked="checked"/>Male<input type="radio" name="r1" value="feale"/>Female</td></tr>
<tr><td><input id="submit" type="submit" name="t1" value="save" /></td></tr>
</table>
<?php
//echo '<pre>';print_r($_FILES);exit();
if(isset($_POST['t1']))
{
$values = implode(", ", $_POST['e1']);
$imgarryimp=array();
foreach($_FILES["e5"]["tmp_name"] as $key=>$val){
move_uploaded_file($_FILES["e5"]["tmp_name"][$key],"images/".$_FILES["e5"]["name"][$key]);
$fname = $_FILES['e5']['name'][$key];
$imgarryimp[]=$fname;
//echo $fname;
if(strlen($fname)>0)
{
$img = $fname;
}
$d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')";
if($con->query($d)==TRUE)
{
echo "Yoy Data Save Successfully!!!";
}
}
exit;
// echo $values;exit;
//foreach($_POST['e1'] as $row)
//{
$d="insert into form(name,address,contact,gender,image)values('$values','$_POST[e2]','$_POST[e3]','$_POST[r1]','$img')";
if($con->query($d)==TRUE)
{
echo "Yoy Data Save Successfully!!!";
}
//}
//exit;
}
?>
</form>
<table>
<?php
$t="select * from form";
$y=$con->query($t);
foreach ($y as $q);
{
?>
<tr>
<td>Name:<?php echo $q['name'];?></td>
<td>Address:<?php echo $q['address'];?></td>
<td>Contact:<?php echo $q['contact'];?></td>
<td>Gender:<?php echo $q['gender'];?></td>
</tr>
<?php }?>
</table>
</body>
</html>
回答by Jalak Nimavat
<?php
$username="root";
$password="";
$database="test";
#get the data from form fields
$Id=$_POST['Id'];
$P_name=$_POST['P_name'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$email=$_POST['email'];
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die("unable to select database");
if($_POST['insertrecord']=="insert"){
$query="insert into person values('$Id','$P_name','$address1','$address2','$email')";
echo "inside";
mysql_query($query);
$query1="select * from person";
$result=mysql_query($query1);
$num= mysql_numrows($result);
#echo"<b>output</b>";
print"<table border size=1 >
<tr><th>Id</th>
<th>P_name</th>
<th>address1</th>
<th>address2</th>
<th>email</th>
</tr>";
$i=0;
while($i<$num)
{
$Id=mysql_result($result,$i,"Id");
$P_name=mysql_result($result,$i,"P_name");
$address1=mysql_result($result,$i,"address1");
$address2=mysql_result($result,$i,"address2");
$email=mysql_result($result,$i,"email");
echo"<tr><td>$Id</td>
<td>$P_name</td>
<td>$address1</td>
<td>$address2</td>
<td>$email</td>
</tr>";
$i++;
}
print"</table>";
}
if($_POST['searchdata']=="Search")
{
$P_name=$_POST['name'];
$query="select * from person where P_name='$P_name'";
$result=mysql_query($query);
print"<table border size=1><tr><th>Id</th>
<th>P_name</th>
<th>address1</th>
<th>address2</th>
<th>email</th>
</tr>";
while($row=mysql_fetch_array($result))
{
$Id=$row[Id];
$P_name=$row[P_name];
$address1=$row[address1];
$address2=$row[address2];
$email=$row[email];
echo"<tr><td>$Id</td>
<td>$P_name</td>
<td>$address1</td>
<td>$address2</td>
<td>$email</td>
</tr>";
}
echo"</table>";
}
echo"<a href=lab2.html> Back </a>";
?>
回答by ntthushara
When you click the Button
当您单击按钮时
if(isset($_POST['save'])){
$sql = "INSERT INTO `members`(`id`, `membership_id`, `email`, `first_name`)
VALUES ('".$_POST["id"]."','".$_POST["membership_id"]."','".$_POST["email"]."','".$_POST["firstname"]."')";
**if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}**
}
This will execute the Query in the variable $sql
这将在变量 $sql 中执行查询
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
