php 如何将 HTML 表单中的数据插入 MySQL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12593350/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to insert data from an HTML form into MySQL
提问by Conor H.
Please tell me what's wrong with my code!!!!
请告诉我我的代码有什么问题!!!!
new-payment.php
新的payment.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Process New Payment</title>
</head>
<body>
<h1>Please Input Payment Details</h1>
<fieldset>
<legend>New Payment</legend>
<form action="process-payment.php" method="post" />
<table>
<tr>
<td>Date:</td><td><input type="date" name="date" /><br /></td>
</tr>
<tr>
<td>Today's Charge:</td><td><input type="text" name="charge" /><br /></td>
</tr>
<tr>
<td>Today's Payment:</td><td><input type="text" name="payment" /><br /></td>
</tr>
<tr>
<td>Client Number:</td><td><input type="text" name="client_no" /><br /></td>
</tr>
<tr>
<td>Client Name:</td><td><input type="text" name="client_name" /><br /></td>
</tr>
<tr>
<td>Check Number:</td><td><input type="text" name="check_no" /><br /></td>
</tr>
<tr>
<td>Check Amount:</td><td><input type="text" name="check" /><br /></td>
</tr>
<tr>
<td>Cash Amount:</td><td><input type="text" name="cash" /><br /></td>
</tr>
<tr>
<td>Notes:</td><td><input type="text" name="notes" /><br /></td>
</tr>
<tr>
<td>Staff Initials:</td><td><input type="text" name="staff_initials" /><br /></td>
</tr>
</table>
<input type="submit" value="Process Payment">
</form>
</fieldset>
<br />
</body>
</html>
process-payment.php
流程payment.php
<?php
define('DB_NAME', 'DBNAME');
define('DB_USER', 'USERNAME');
define('DB_PASS', '');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if (!$link) {
dir('There was a problem when trying to connect to the host. Please contact Tech Support. Error: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$link) {
dir('There was a problem when trying to connect to the database. Please contact Tech Support. Error: ' . mysql_error());
}
$date = $_POST['date'];
$charge = $_POST['charge'];
$payment = $_POST['payment'];
$client_no = $_POST['client_no'];
$client_name = $_POST['client_name'];
$check_no = $_POST['check_no'];
$check = $_POST['check'];
$cash = $_POST['cash'];
$notes = $_POST['notes'];
$staff_initials = $_POST['staff_initials'];
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}
?>
I do not know what is wrong but I get an error when I press Process Payment:
我不知道出了什么问题,但是当我按“处理付款”时出现错误:
Error: You have an error in your SQL syntax; check the manual that corresponds to your >MySQL server version for the right syntax to use near 'check, cash, notes, staff_initials) >VALUES ('2012-09-24', '$0.00', '$20.00', '46' at line 1
错误:您的 SQL 语法有错误;检查与您的 >MySQL 服务器版本相对应的手册,了解在“check, cash, notes, staff_initials”附近使用的正确语法 >VALUES ('2012-09-24', '$0.00', '$20.00', '46' at 1号线
回答by Michael Berkowski
CHECKis a MySQL reserved keyword. You must enclose it in backticks to use it as a column or table identifier.
CHECK是MySQL 保留关键字。您必须将其括在反引号中才能将其用作列或表标识符。
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, `check`, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";
Note that your script is vulnerable to SQL injection. At a minimum, you must call mysql_real_escape_string()over each of those input variables.
请注意,您的脚本容易受到 SQL 注入的影响。至少,您必须调用mysql_real_escape_string()这些输入变量中的每一个。
// As in:
$charge = mysql_real_escape_string($_POST['charge']);
回答by Chris
change
改变
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";
to
到
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('".$date."', '".$charge."', '".$payment."', '".$client_no."', '".$client_name."', '".$check_no."', '".$check."', '".$cash."', '".$notes."', '".$staff_initials."')";
And it may pay to look up MySQL PDO instead of using the depreciated connection code you are using.
并且可能需要查找 MySQL PDO 而不是使用您正在使用的折旧连接代码。
回答by Chris
Try to echo all element and see wheather some variable may be blank or empty or not.
尝试回显所有元素并查看某些变量是否为空或空。
I have same error. I solved by this way
我有同样的错误。我是这样解决的
