1. 首頁
  2. 問答
  3. 我不能INSERT INTO功能與數據從運行HTML表單

我不能INSERT INTO功能與數據從運行HTML表單

2013-12-21 33 views
1

了這是我的HTML表單:我不能INSERT INTO功能與數據從運行HTML表單

<form id="ajax-contact-form" action="upload.php" method = "post" enctype="multipart/form-data" > 

       <div class="col1"> 

        <div class="clear"></div> 
        <br><br> 
        <INPUT type="text" name="Name" value="Full name:" onBlur="if(this.value=='') this.value='Full name:'" 
          onFocus="if(this.value =='Full name:') this.value=''"> 
        <div class="clear"></div> 

        <INPUT type="text" name="Email" value="Your email:" onBlur="if(this.value=='') this.value='Your email:'" 
          onFocus="if(this.value =='Your email:') this.value=''"><div class="clear"></div> 

        <INPUT type="text" name="University" value="University, College or Institute:" onBlur="if(this.value=='') this.value='University, College or Institute:'" 
          onFocus="if(this.value =='University, College or Institute:') this.value=''"> 
        <div class="clear"></div></div> 

        <div class="col1 pad_left5"><br> 
        <h4>Please write about your academic research experiences:</h4> 
        <TEXTAREA NAME="Content" onBlur="if(this.value=='') this.value=''" 
          onFocus="if(this.value =='') this.value=''"></TEXTAREA> 
        <div class="clear"></div></div> 
        <div class="clear"></div> 


        <br><h4>Upload your photo (200 x 200):</h4><br> 
        <INPUT type = "file" name="Picture" id = "picture" lang="en"> 
        <div class="clear"></div><br> 

        <h4>Please upload your academic publications under one folder as a compressed file:</h4><br> 
        <INPUT type = "file" name="Publications" id = "Publication" lang="en"> 
        <div class="clear"></div><br> 

        <div class="box"> 
        <div class="services1"> 
        <h4>GPA</h4><br> 
        <INPUT class="capthca" type="text" name="GPA" value="GPA:" onBlur="if(this.value=='') this.value='GPA:'" 
          onFocus="if(this.value =='GPA:') this.value=''"> 

        <div class="clear"></div><br> 

        <h4>IELTS</h4><br> 
        <INPUT class="capthca" type="text" name="IELTS" value="IELTS Score:" onBlur="if(this.value=='') this.value='IELTS Score:'" 
          onFocus="if(this.value =='IELTS Score:') this.value=''"> 
        <div class="clear"></div> 
        </div> 

        <div class="services1"> 
        <h4>TOEFL</h4><br> 
        <INPUT class="capthca" type="text" name="PBT" value="PBT:" onBlur="if(this.value=='') this.value='PBT:'" 
          onFocus="if(this.value =='PBT:') this.value=''"> <div class="clear"></div> 

        <INPUT class="capthca" type="text" name="CBT" value="CBT:" onBlur="if(this.value=='') this.value='CBT:'" 
          onFocus="if(this.value =='CBT:') this.value=''"> <div class="clear"></div> 

        <INPUT class="capthca" type="text" name="IBT" value="IBT:" onBlur="if(this.value=='') this.value='IBT:'" 
          onFocus="if(this.value =='IBT:') this.value=''"> <div class="clear"></div> 


        <div class="clear"></div> 
        </div> 

        <div class="services1 last"> 
        <h4>ALES</h4><br> 
        <INPUT class="capthca" type="text" name="VERBAL" value="Verbal Score:" onBlur="if(this.value=='') this.value='Verbal Score:'" 
          onFocus="if(this.value =='Verbal Score:') this.value=''"> <div class="clear"></div> 

        <INPUT class="capthca" type="text" name="MATH" value="Math Score:" onBlur="if(this.value=='') this.value='Math Score:'" 
          onFocus="if(this.value =='Math Score:') this.value=''"> <div class="clear"></div> 

        <INPUT class="capthca" type="text" name="EQUALWEIGHT" value="Equal Weight Score:" onBlur="if(this.value=='') this.value='Equal Weight Score:'" 
          onFocus="if(this.value =='Equal Weight Score:') this.value=''"> <div class="clear"></div> 
        </div>   
        <div class="clear"></div> 
        </div>  
        <div class="clear"></div> 
        <INPUT class="submit" type="submit" name="submit" value="submit"> 
        <div class="clear"></div> 
        </form>

的這個其他變量我已經分配給了HTML表單中的值。

$Name = (string)$_POST["Name"]; 
        $EMail = (string)$_POST["Email"]; 
        $University = (string)$_POST["University"]; 
        $Academic_Experience = $_POST["Content"]; 
        $Photo = $_POST["Picture"]; 
        $Publications = $_POST["Publications"]; 
        $GPA = (float)$_POST["GPA"]; 
        $VERBAL = (float)$_POST["VERBAL"]; 
        $MATH = (float)$_POST["MATH"]; 
        $EQUALWEIGHT = (float)$_POST["EQUALWEIGHT"]; 
        $PBT = (float)$_POST["PBT"]; 
        $CBT = (float)$_POST["CBT"]; 
        $IBT = (float)$_POST["IBT"]; 
        $IELTS = (float)$_POST["IELTS"];

但是,當我試圖插入數據到數據庫的代碼;

$record = mysql_query("INSERT INTO Students (NAME, EMAIL, PHOTO, GPA, ALES_VERBAL_SCORES, ALES_MATH_SCORE, ALES_EQUALWEIGHT_SCORES, TOEFL_PBT, TOEFL_CBT, TOEFL_IBT, IELTS, UNIVERSITY, EXPERIENCE, PUBLICATIONS) VALUES ("."$Name".", "."$EMail".", "."$FileName".", $GPA, $VERBAL, $MATH, $EQUALWEIGHT, $PBT, $CBT, $IBT, $IELTS, "."$University".", "."$Academic_Experience".", "."$PublicationsFileName".")");

我對此代碼有問題。它不會將數據插入數據庫。如果你幫助我,我會很高興。 謝謝...

來源

2013-12-21 Hasan Sait Arslan

+1

你有什麼錯誤嗎? –

+1

看起來像SQL注入的天堂! – bansi

+0

不,我不明白。 –

回答

0

看起來你錯過了一些(很多)的報價。試試這個更可讀的方法

$record = mysql_query("INSERT INTO Students (NAME, EMAIL, GPA, 
    ALES_VERBAL_SCORES, ALES_MATH_SCORE, ALES_EQUALWEIGHT_SCORES, TOEFL_PBT, TOEFL_CBT, 
    TOEFL_IBT, IELTS, UNIVERSITY, EXPERIENCE) VALUES 
    ('$Name', '$EMail', $GPA, $VERBAL, $MATH, $EQUALWEIGHT, 
    $PBT, $CBT, $IBT, $IELTS, '$University', '$Academic_Experience')");

不能使用$Photo = $_POST["Picture"];您可能需要不同的方式處理文件上傳。我從查詢中刪除了PHOTOPUBLICATIONS

警告:mysql_函數從PHP 5.5.0開始已棄用,並且將來會被刪除。應該使用MySQLiPDO_MySQL擴展名。

警告:您的代碼很容易出現SQL注入,請嘗試使用Prepared語句。 (AT-至少正確轉義字符串)

來源

2013-12-21 11:21:22 bansi

+0

它仍然無法正常工作。 –

+0

文件上傳不會在'$ _POST'中提供 – bansi

+0

我可以上傳文件。 –

1

值必須在單引號「$ Name'`

"INSERT INTO Students (NAME, EMAIL, PHOTO, GPA, ALES_VERBAL_SCORES, 
ALES_MATH_SCORE,ALES_EQUALWEIGHT_SCORES,TOEFL_PBT, 
TOEFL_CBT, TOEFL_IBT, IELTS, UNIVERSITY,EXPERIENCE, PUBLICATIONS) 
     VALUES ('$Name', '$EMail', '$FileName', 
     '$GPA', '$VERBAL', '$MATH', 
     '$EQUALWEIGHT', '$PBT', '$CBT', '$IBT', 
    '$IELTS', '$University', '$Academic_Experience', '$PublicationsFileName')"

來源

2013-12-21 11:21:33 Nambi

+0

不,它不起作用。 –

+0

($ Name = $ _ POST [「Name」];)你不必在PHP中投下變量,刪除所有的投射並嘗試... – Nambi

+0

我不認爲鑄造變量時有問題。因爲我有if命令在同一頁面,他們的工作。 –

-1

你是不是包裝裏面的字符串在查詢報價。 試試這個:

$record = mysql_query(
    "INSERT INTO Students (
      NAME, EMAIL, PHOTO, 
      GPA, ALES_VERBAL_SCORES, ALES_MATH_SCORE, ALES_EQUALWEIGHT_SCORES, 
      TOEFL_PBT, TOEFL_CBT, TOEFL_IBT, IELTS, 
      UNIVERSITY, EXPERIENCE, PUBLICATIONS 
    ) VALUES (
      '$Name', '$EMail', '$FileName', 
      $GPA, $VERBAL, $MATH, $EQUALWEIGHT, 
      $PBT, $CBT, $IBT, $IELTS, 
      '$University', '$Academic_Experience', '$PublicationsFileName' 
    )" 
);

由於調試好做法總是打印出結果查詢屏幕,複製它,在你的phpMyAdmin的控制檯或與MySQL CLI運行,如果錯誤是不會立即明顯。

例如,如果你這樣做,你會立即看到字符串不包含在引號中。

希望有所幫助。

來源

2013-12-21 11:27:05

+0

它不起作用。 –

+0

你有什麼錯誤?我將你的查詢用引號正確地包裹起來,如果你的代碼有其他錯誤,請提供更多信息,而不是標記我的答案。 –

相關問題

 相關問題