在數據庫中創建表單和storind數據

Question

我正在創建一個簡單的表單，它接受來自用戶的輸入並將該數據存儲到數據庫.......但我收到以下錯誤..我嘗試了很多解決方案。 BT不單身作品！ plz幫助我..

這裏是我的code..club.php

<!DOCTYPE HTML> 
<html> 
<head> 
<link rel="stylesheet" type="text/css" href="clubcs.css"> 
<title>Friends Club Registration</title> 
</head> 
<body> 
<form action="insert.php" method="post"> 
<div style="text-align:center;"> 
<img src="logo.jpg" alt="img" height="200"> 
</div> 
<div class="segment_header" style="width:auto;text-align:Left;"> 
    <h1 style="font-size:23px;">New Member Registration</h1> 
</div> 
<div class="text_field"> 
<p>First Name:<input type="text" name="first"></p> 
<p>Last Name:<input type="text" name="last"></p> 
<p>Address:<input type="text" name="addr"></p> 
<p>City:<input type="text" name="city"></p> 
<p>Contact no.:<input type="text" name="contact"></p> 
<p><input type="submit"></p> 
</div> 
</form> 
</body> 
</html> 

和insert.php

<?php 
$con=mysqli_connect("localhost","root",""); 
if (!$con) 
{ 
die('Could not connect: ' . mysqli_error($con)); 
} 
mysqli_select_db($con,"clubinfo"); 
$first=mysqli_real_escape_string($con,isset($_POST['first'])); 
$last=mysqli_real_escape_string($con,isset($_POST['last'])); 
$addr=mysqli_real_escape_string($con,isset($_POST['addr'])); 
$city=mysqli_real_escape_string($con,isset($_POST['city'])); 
$contact= mysqli_real_escape_string($con,isset($_POST['contact'])); 
$sql1="INSERT INTO clubdata (FirstName, LastName, Address, City, Contact no.) 
VALUES ('$first', '$last', '$addr', '$city', '$contact')"; 
if (!mysqli_query($con,$sql1)) 
{ 
die('Error: ' . mysqli_error($con)); 
} 
echo "You have successfully registered with us!"; 
mysqli_close($con); 
?> 

Answer 1

錯誤（未顯示在你的問題）是基於這個Contact no.是你的柱。

首先，它包含一個空格和句號。如果這是您的實際列名稱，則應考慮將其重命名爲Contact_no或在其周圍使用反引號。

即：

`Contact no.` 

或刪除週期，其重命名爲（在你的DB）：

`Contact no` 

變化

(FirstName, LastName, Address, City, `Contact no.`) 

或刪除期限和重命名它在DB到Contact no

(FirstName, LastName, Address, City, `Contact no`) 

，或者在你的數據庫，以Contact_no使用這種類型的命名約定的下劃線

(FirstName, LastName, Address, City, Contact_no) 

重命名不被認爲是很好的做法。 MySQL會抱怨它。

---

有關表/列indentifiers的更多信息，請訪問網站MySQL.com：

• http://dev.mysql.com/doc/refman/5.0/en/identifier-qualifiers.html

---

此外，刪除所有從你的變量isset 。

$first=mysqli_real_escape_string($con,$_POST['first']); 

等

您也可以注入MySQL不同意的字符，撇號，斜線等。只使用mysqli_real_escape_string是不夠的。添加stripslashes()

即：

$first=stripslashes($_POST['first']); 
$first=mysqli_real_escape_string($con,$_POST['first']); 

等

使用prepared statements會更容易使用。

Answer 2

club.php沒有變化.. insert.php中的一些變化...

<html> 
<head> 
<link rel="stylesheet" type="text/css" href="clubcs.css" /> 
</head> 
<body> 
<?php 
$con=mysqli_connect("localhost","root",""); 
if (!$con) 
{ 
die('Could not connect: ' . mysqli_error($con)); 
} 
mysqli_select_db($con,"clubinfo"); 
$first=stripslashes($_POST['first']); 
$first=mysqli_real_escape_string($con,$_POST['first']); 
$last=stripslashes($_POST['last']); 
$last=mysqli_real_escape_string($con,$_POST['last']); 
$addr=stripslashes($_POST['addr']); 
$addr=mysqli_real_escape_string($con,$_POST['addr']); 
$city=stripslashes($_POST['city']); 
$city=mysqli_real_escape_string($con,$_POST['city']); 
$contact=stripslashes($_POST['contact']); 
$contact=mysqli_real_escape_string($con,$_POST['contact']); 
$sql1="INSERT INTO clubdata (FirstName, LastName, Address, City,Contact_no) 
VALUES ('$first', '$last', '$addr', '$city', '$contact')"; 
if (!mysqli_query($con,$sql1)) 
{ 
die('Error: ' . mysqli_error($con)); 
} 
echo "You have successfully registered with us!"; 
mysqli_close($con); 
?> 
</body> 
</html> 

謝謝@Fred -ii-再次!!