0
我試圖通過一個html提交按鈕輸入數據到sql數據庫,但我不能完全得到它的工作。我看過這裏的其他答案,我似乎也無法讓他們工作。我很確定我的列名是正確的。我在哪裏錯了,有沒有更好的方法來解決這個問題?html提交sql數據條目
<?php
include('session.php');
if(isset($_POST['addHomework'])){
$link = mysqli_connect('host','user','userpw','database');
$class = mysqli_real_escape_string($link,$_POST['classDropdown']);
$dueDate = date('y-m-d', strtotime($_POST['dueDate']));
$title = mysqli_real_escape_string($link, $_POST['homeworkTitle']);
mysqli_query($link, "INSERT INTO events ('title', 'duedate', `event_id`) VALUES('$title', '$dueDate', '')");
}
?>
與此IIS我的HTML
<head>
<link type="text/css" href="css/ui-lightness/jquery-ui-1.9.1.custom.min.css" rel="stylesheet" />
<script src="https://code.jquery.com/jquery-1.10.2.js"></script>
<title>The Memory Bank</title>
<meta name="description" content="website description" />
<meta name="keywords" content="website keywords, website keywords" />
<meta http-equiv="content-type" content="text/html; charset=windows-1252" />
<link rel="stylesheet" type="text/css" href="style.css" title="style" />
</head>
<body>
<div id="main">
<div id="header">
<div id="logo">
<div id="logo_text">
<h1>The Memory Bank</h1>
</div>
</div>
<div id="menubar">
<ul id="menu">
<li ><a href="teacherWelcome.php">Home</a></li>
<li><a href="student.php">Classes</a></li>
<li class="selected"><a href="homework.php">Homework</a></li>
<li><a href="parent.php">Feedback</a></li>
<li><a href="HoD.php">Head of Department</a></li>
<li><a href="logout.php">Log Out</a></li>
</ul>
</div>
</div>
<aside>
<div id="site_content">
<h1>Welcome
<?php
echo $row['username'];
?>
</h1>
<form name ="addHomework" method="POST" action="homework.php">
<p>Enter in a title for your homework:<br/>
<input type="text" name ="homeworkTitle" value="" maxlength="45"></P>
<p>Enter a duedate for your homework:<br/>
<input type="date" name ="dueDate" value="" maxlength="45"></P>
<p>Select a Class:<br/>
<select name="classDropdown">
<?php
include ('classlist.php');
$classlist = new Classlist();
echo $classlist -> show();
?>
</select>
<p><input type="submit" name="commit" id="commit" value="Add Homework"/></p>
</form>
</div>
</aside>
</script>
</div>
</div>
</div>
<div id="footer">
</div>
</div>
</body>
</html>
您剛剛發佈的憑據你的MySQL數據庫,因此已受到自己黑客攻擊的可能性。 –
[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can- ***)瞭解[MySQLi](http://php.net/manual)[準備](http://en.wikipedia.org/wiki/Prepared_statement)聲明/en/mysqli.quickstart.prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不信?](http://stackoverflow.com/q/38297105/1011527) –
在我的網站上沒有易受攻擊的信息它只是一個小項目我一直在玩 –