php 将用户的输入存储到数据库中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18523569/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Storing input from user into database
提问by jorgeAChacon
I am fairly new to PHP and I am trying to save input from a user into a mysql database. I followed a tutorial online on how to do it, but every time I enter the user's info, the website tells me it failed. The only thing that I can think of is the host name(I copied and pasted it from phpadmin).Please let me know if there is something wrong.
我对 PHP 还很陌生,我正在尝试将用户的输入保存到 mysql 数据库中。我在网上学习了如何操作的教程,但是每次我输入用户信息时,网站都会告诉我它失败了。我唯一能想到的就是主机名(我从 phpadmin 复制并粘贴了它)。如果有什么问题,请告诉我。
contact.html
联系方式.html
<section id="mid_section">
<div id="boxes">
<h1>
Leave your information here for a quick reponse:
</h1>
<br/>
<form id="myform" action="userinfo.php" method="post">
Name:<input type="text" value="name">
Email:<input type="email" value="email">
Phone:<input type= "tel" value="phone(opt)">
<button id="sub">Submit</button>
</form>
db.php
数据库文件
<?php
$conn = mysql_connect('custsql.eigbox.net','username','password');
$db= mysql_select_db('visitors');
?>
userinfo.php
用户信息.php
<?php
include_once('db.php');
$name =$_POST['name'];
$email =$_POST['email'];
$phone =$_POST['phone'];
if(mysql_query("INSERT INTO users (name,email,phone) VALUES ('$name','$email','$phone')"))
echo"successfully inserted";
else
echo "failed";
?>
myscript.js
我的脚本.js
$("#sub").click(function(){
$.post($("#myform").attr("action"), $("#myform:input").serializeArray(), function(info){$("#result").html(info);});
});
$("#myform").submit(function(){
return false;
});
回答by Davit
As you might fairly be a newcomer to php, on one hand it is great to follow tutorials, however chosing a right source might be a frequent disasterous problem.
由于您可能是 php 的新手,一方面遵循教程是很好的,但是选择正确的源可能是一个经常发生的灾难性问题。
When you are using functions like mysql_select_dband mysql_queryit basiaclly means that you are using a deprecated mysql style.
当您使用像mysql_select_dbandmysql_query之类的函数时,它基本上意味着您使用的是已弃用的 mysql 样式。
If you go to official php documentation and search for mysql method, it is going to tell you about its deprecation.
如果你去官方 php 文档并搜索 mysql 方法,它会告诉你它的弃用。
Problem here, though, is not a way you interact with database, your style of coding still works and many people still do it just like that.
但是,这里的问题不是您与数据库交互的方式,您的编码风格仍然有效,而且许多人仍然这样做。
I just tell you as a newcomer that instead of mysql_functions, people tend to favor mysqli and or PDO. Consider them as your future friends.
我只是作为一个新手告诉你mysql_,人们倾向于使用 mysqli 和/或 PDO ,而不是函数。把他们当作你未来的朋友。
What about your problem, I believe all is okay, except your mysql_query functions looks odd. Try following code instead of your query statement
你的问题呢,我相信一切都好,除了你的 mysql_query 函数看起来很奇怪。尝试以下代码而不是您的查询语句
if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".$name."','".$email."','".$phone."')"))
or for security reasons even better
或者出于安全原因甚至更好
if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".mysql_real_escape_string($name)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($phone)."')"))
If it is not a case and you still get a 'Fail' error statement, you will need to do a very little debugging and people here will be able to help you out
如果不是这种情况并且您仍然收到“失败”错误声明,则您需要进行很少的调试,这里的人将能够帮助您
So, you will need to use following instead of what you have now
所以,你需要使用以下而不是你现在拥有的
if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".mysql_real_escape_string($name)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($phone)."')")) {
echo 'Success!'
} else {
echo mysql_error();
exit;
}
Let's see what happens
让我们看看发生了什么
回答by Debashis
At first, use name on every attributes of the form. So, contact.html will be
首先,在表单的每个属性上使用 name。所以,contact.html 将是
<form id="myform" action="userinfo.php" method="post">
Name:<input type="text" value="name" name='name'>
Email:<input type="email" value="email" name='email'>
Phone:<input type= "tel" value="phone(opt)" name='phone'>
<button id="sub">Submit</button>
</form>
Use mysqli_* instead of mysql_* as it is deprecated. You can also use PDO. More on mysqli_*
使用 mysqli_* 而不是 mysql_* ,因为它已被弃用。您也可以使用 PDO。更多关于mysqli_*
Filter the data before inserting them into database. So, userinfo.php will look like
在将数据插入数据库之前过滤数据。所以,userinfo.php 看起来像
include_once('db.php');
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db,$_POST['email']);
$phone = mysqli_real_escape_string($db,$_POST['phone']);
if (mysql_query("INSERT INTO `users` (`name`, `email`, `phone`) VALUES ('".$name."','".$email."','".$phone."')"))
echo"successfully inserted";
else
echo "failed";
