1. 首頁
  2. 問答
  3. 表單說它的發送,但沒有數據顯示在數據庫中

表單說它的發送,但沒有數據顯示在數據庫中

2014-12-04 56 views
0

我是PHP新手,仍然試圖讓我的頭圍繞它。這種形式表示數據已經發送到數據庫,但是當我看到數據庫是空的,沒有錯誤出現?我的代碼有問題嗎?表單說它的發送,但沒有數據顯示在數據庫中

注意:我知道這個表單不受SQL注入保護。

HTML

<?php 
session_start(); 
?> 
<!DOCTYPE HTML> 
<html> 
    <head> 
     <title>Page Form</title> 
     <link rel="stylesheet" href="style.css" /> 
    </head> 
    <body> 
     <div class="container"> 
      <div class="main"> 
       <h2>PHP Page 3 Form</h2><hr/> 
       <span id="error"> 

       </span> 
       <form action="page4_insertdata.php" method="post"> 

        <label>Company Name :<span>*</span></label><br /> 
        <input name="company_name" type="text" placeholder="Joes Cleaner" required> 
        <br /> 

        <label>Ref :<span>*</span></label><br /> 
        <input name="ref" type="text" placeholder="H123" required> 
        <br /> 

        <label>Website :<span>*</span></label><br /> 
        <input name="website" type="text" placeholder="www.google.com" required> 
        <br /> 

        <label>Email :<span>*</span></label><br /> 
        <input name="email" type="email" placeholder="[email protected]" required> 
        <br /> 

        <label>Telephone :<span>*</span></label><br /> 
        <input name="tel" type="text" placeholder="07123456789" required> 
        <br /> 

        <label>Message :<span>*</span></label><br /> 
        <input name="message" id="message" type="text" size="500" required> 
        <br /> 



        <input type="reset" value="Reset" /> 
        <input name="submit" type="submit" value="Submit" /> 

       </form> 
      </div> 

     </div> 
    </body> 
</html>

PHP

<?php 
session_start(); 
?> 
<!DOCTYPE HTML> 
<html> 
    <head> 
     <title>PHP Multi Page Form</title> 
     <link rel="stylesheet" href="style.css" /> 
    </head> 
    <body> 
     <div class="container"> 
      <div class="main"> 
       <h2>PHP Multi Page Form</h2><hr/> 

       <?php 

          $servername = "localhost"; 
          $db_database = 'form'; 
          $username = "root"; 
          $password = ""; 

          // Create connection 
          $conn = new mysqli($servername, $username, $password); 

          // Check connection 
          if ($conn->connect_error) { 
           die("Connection failed: " . $conn->connect_error); 
          } 
          echo "DB Connected successfully. "; 


          $company_name = $_POST['company_name']; 
          $ref = $_POST['ref']; 
          $website = $_POST['website']; 
          $email = $_POST['email']; 
          $tel = $_POST['tel']; 
          $message = $_POST['message']; 


          $sql = "INSERT INTO detail (company_name,ref,website,email,tel,message) 
          VALUES ('$company_name','$ref','$website','$email','$tel','$message')"; 

          if($sql){ 
          echo " Database Sent."; 
          } 
          else { 
          echo "ERROR to insert into database"; 
          }; 
       ?> 
      </div> 

     </div> 
    </body> 
</html>

來源

2014-12-04 jl5660

+2

你是不是真正執行查詢。 – 2014-12-04 16:08:38

+0

**危險**:您很容易[SQL注入攻擊](http://bobby-tables.com/)**,您需要[防禦](http://stackoverflow.com/questions/ 60174/best-way-to-prevent-sql -injection-in-php)自己從。 – Quentin 2014-12-04 16:09:21

+0

我知道我只是想讓它首先工作。 – jl5660 2014-12-04 16:10:11

回答

2

更改下面的代碼:

if($sql){ 
echo " Database Sent."; 
} 
else { 
echo "ERROR to insert into database"; 
};

要:

$result = $conn->query($sql); 
if($result){ 
    echo " Database Sent."; 
} 
else { 
    echo "ERROR to insert into database"; 
};

這樣你實際上是在執行查詢和查詢的故障檢查...

爲了使您的查詢比較安全,請嘗試以下操作:

$sql = " 
    INSERT INTO detail (
     company_name, 
     ref, 
     website, 
     email, 
     tel, 
     message 
    ) 
    VALUES (
     '" . mysqli_real_escape_string($company_name) . "', 
     '" . mysqli_real_escape_string($ref) . "', 
     '" . mysqli_real_escape_string($website) . "', 
     '" . mysqli_real_escape_string($email) . "', 
     '" . mysqli_real_escape_string($tel) . "', 
     '" . mysqli_real_escape_string($message) . "' 
    )";

更好的是,通過替換$sql實例化和查詢執行($conn->query())來使用params綁定。第i個以下:

$stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)"); 
$stmt->bind_param('ssssss', $company_name, $ref, $website, $email, $tel, $message); 
$stmt->execute();

您可以通過訪問綁定與mysqli的參數讀了PHP: mysqli_stmt::bind_param - Manual

完整代碼:

<?php 
session_start(); 
?> 
<!DOCTYPE HTML> 
<html> 
    <head> 
     <title>PHP Multi Page Form</title> 
     <link rel="stylesheet" href="style.css" /> 
    </head> 
    <body> 
     <div class="container"> 
      <div class="main"> 
       <h2>PHP Multi Page Form</h2><hr/> 

       <?php 

          $servername = "localhost"; 
          $db_database = 'form'; 
          $username = "root"; 
          $password = ""; 

          // Create connection 
          $conn = new mysqli($servername, $username, $password, $db_database); 

          // Check connection 
          if ($conn->connect_error) { 
           die("Connection failed: " . $conn->connect_error); 
          } 
          echo "DB Connected successfully. "; 

          $stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)"); 
          $stmt->bind_param('ssssss', 
           $_REQUEST['company_name'], 
           $_REQUEST['ref'], 
           $_REQUEST['website'], 
           $_REQUEST['email'], 
           $_REQUEST['tel'], 
           $_REQUEST['message'] 
          ); 

          if($stmt->execute()) { 
           echo " Database Sent."; 
          } else { 
           echo "ERROR to insert into database: " . $stmt->error; 
          }; 
       ?> 
      </div> 

     </div> 
    </body> 
</html>

來源

2014-12-04 16:10:32 RichardBernards

0

你的arent實際發送的查詢,你設定的變量$ sql =「INSERT .....」 這總是如此。

你需要做的:

$result = $mysqli->query($sql); 


if ($result......)

來源

2014-12-04 16:10:58 bart2puck

相關問題

 相關問題