php 从 HTML 表单向 MySQL 数据库添加数据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16129418/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Adding Data to a MySQL Database from an HTML Form
提问by Elfuthark
HI all i've a basic Web Form for putting data into a mysql database, I created code to report if i was connected to my Database correctly and it was so on completion of the form i tested it and it seems to do what i expected but when i goto my database no data was actually entered? I've tried this locally and on a server with both doing the same thing. Here is my two .php forms for you to look that i used on my local machine to test in MAMP just incase i have done something wrong:
大家好,我有一个基本的 Web 表单,用于将数据放入 mysql 数据库,我创建了代码来报告我是否正确连接到我的数据库,并且在完成表单后我测试了它,它似乎符合我的预期但是当我进入我的数据库时,实际上没有输入数据?我已经在本地和服务器上尝试过,两者都做同样的事情。这是我的两个 .php 表单供您查看,我在本地机器上使用它们在 MAMP 中进行测试,以防万一我做错了:
virtualWalkLog.php
virtualWalkLog.php
<form action="hazardsform.php" method="POST" />
<p>ROUTE: <input type="text" name="ROUTE" /></p>
<p>ADDRESS: <input type="text" name="ADDRESS" /></p>
<p>LATITUDE: <input type="text" name="LATITUDE" /></p>
<p>LONGITUDE: <input type="text" name="LONGITUDE" /></p>
<p>HAZARD: <input type="text" name="HAZARD" /></p>
<p>RISK: <input type="text" name="RISK" /></p>
<input type="submit" value="Submit" />
</form>
hazardsform.php
危险表格
<?php
define('DB_NAME', 'virtualWalkLog');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2',
'$value3', '$value4', '$value5', '$value6')";
mysql_close();
Many Thanks in advance
提前谢谢了
回答by Fabio
you are not exectuing your query, this is why no data is inserted. Try to place after
您没有执行您的query,这就是未插入数据的原因。尝试放置在
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2', '$value3', '$value4', '$value5', '$value6')";
this
这个
$result = mysql_query($sql);
also all values are in one variable $value, so you will end up with all the same result in your table so change to this to fit your query
所有值都在一个变量中$value,因此您最终会在表中得到所有相同的结果,因此请更改为适合您的查询
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
I would also sugeest you to stop using mysql_api since they are depecrated, please switch to PDOor mysqli
我也建议您停止使用 mysql_api,因为它们已被弃用,请切换到PDO或mysqli
Furthermore you are ready to mysql injection. there is a nice tutorial here which explain you everything about that -> How can I prevent SQL injection in PHP?
此外,您已准备好mysql injection。这里有一个很好的教程,它向您解释了所有相关内容->如何防止 PHP 中的 SQL 注入?
回答by alwaysLearn
Going through your script quickly you need to call mysql_query($sql)after
快速浏览您的脚本,您需要在mysql_query($sql)之后调用
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2',
'$value3', '$value4', '$value5', '$value6')";
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2',
'$value3', '$value4', '$value5', '$value6')";
mysql_sqlquery will actually execute the query.
mysql_sqlquery 将实际执行查询。
Also as $valueshould be unique
也$value应该是独一无二的
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
-----
SUGGESTIONSince you have just begin ..I will suggest you try mysql_* for just concepts
but use mysqli_*or PDO.. You shold also know about sql injection
建议因为你刚刚开始..我建议你尝试 mysql_* 只是概念但使用mysqli_*或PDO..你应该也知道 sql 注入
Here are some tutorials to help you
这里有一些教程可以帮助你
http://php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/book.pdo.php
http://php.net/manual/en/book.pdo.php
回答by Yogesh Suthar
you are assigning values to only one variable $valuehere
你在$value这里只给一个变量赋值
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
should be
应该
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
Also call mysql_query($sql);for running the query.
还要求mysql_query($sql);运行查询。
回答by Triple_6
just rename:
只需重命名:
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
回答by Vivek Sadh
You are capturing all the input fields value into one variable. You need to execute mysql_query for it to work. Change this :-
您正在将所有输入字段值捕获到一个变量中。您需要执行 mysql_query 才能使其工作。改变这个:-
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
to:-
到:-
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
Once you have done that, you need to call mysql_query($sql) to execute the query.
完成后,您需要调用 mysql_query($sql) 来执行查询。
回答by Silvertiger
You kep all the variables as the same name
您将所有变量保留为相同的名称
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
change them to unique id's (as you referenced in the sql statement)
将它们更改为唯一 ID(如您在 sql 语句中所引用的)
$value1 = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
and change your query statement to actually execute
并更改您的查询语句以实际执行
$result = mysql_query("INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2',
'$value3', '$value4', '$value5', '$value6')");
