將PHP表單添加到SQL數據庫

Question

我試圖通過HTML創建一個表單，它將發送用戶到sql數據庫的信息，但是，當我們刷新屏幕時，它會發送一個空白版本的數據，如果我們發送包含數據的表單將清除信息併發送一箇舊表單。

//這是在HTML表單

<!DOCTYPE html> 
<html lang="en"> 
<head> 
<meta charset="UTF-8"> 
<title>Add Record Form</title> 
</head> 
<body> 
<form action="civilian_whitelist.php" method="post"> 
    <p> 
     <label for="roleplayName">Role Play Name:</label> 
     <input type="text" name="roleplayname" id="roleplayName"> 
    </p> 
    <p> 
     <label for="playerID">Player ID:</label> 
     <input type="text" name="playerid" id="playerID"> 
    </p> 
    <input type="submit" value="Submit"> 
</form> 
</body> 
</html> 

//這是代碼發送到SQL數據庫

<?php 

    if (iaView::REQUEST_HTML == $iaView->getRequestType()) 
    { 
     $iaView->display('civilian_whitelist'); 
    } 

    /* Attempt MySQL server connection. Assuming you are running MySQL 
    server with default setting (user 'root' with no password) */ 
    $link = mysqli_connect("HIDDEN", "ericmcho_pro", "HIDDEN", "ericmcho_pro"); 

    // Check connection 
    if($link === false){ 
     die("ERROR: Could not connect. " . mysqli_connect_error()); 
    } 

    // Escape user inputs for security 
    $roleplayName = mysqli_real_escape_string($link, $_POST['roleplayname']); 
    $playerID = mysqli_real_escape_string($link, $_POST['playerid']); 

    // attempt insert query execution 
    $sql = "INSERT INTO whitelist (Name, UID) VALUES ('$roleplayName', '$playerID')"; 
    if(mysqli_query($link, $sql)){ 
     echo "Records added successfully."; 
    } else{ 
     echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); 
    } 

    // close connection 
    mysqli_close($link); 
    ?> 

Answer 1

至少你應該檢查該字段中的PHP在運行代碼的其餘部分之前設置。

if(isset($_POST['roleplayname'], $_POST['playerid'])){ 
    //code here 
} 

或

if(isset($_POST['submit'])){ 
    //code here 
} 

你也應該使用有關準備語句：

http://php.net/manual/en/mysqli.prepare.php