2016-08-24 75 views
-1

嗨我輸入數據庫中的4條記錄,一切都很好,我通過表格輸入的記錄被成功添加到數據庫,但是當我瀏覽表中有4條記錄可用,但記錄的內容缺少,請幫助。謝謝。在phpmyadmin coulmns中缺少數據

代碼

<body> 
    <?php 
    $servername = "localhost"; 
    $username = "root"; 
    $password = ""; 
    $dbname = "test"; 
    $conn = new mysqli($servername, $username, $password, $dbname); 
    if ($conn->connect_error) { 
     die("Connection failed: " . $conn->connect_error); 
    } 
    $sql = "INSERT INTO names (firstname, secondname) VALUES ('', '')"; 
    if ($conn->query($sql) === TRUE) { 
     echo "New record created successfully"; 
    } else { 
     echo "Error: " . $sql . "<br>" . $conn->error; 
    } 
    $conn->close(); 
    ?> 
    <?php echo $_POST["firstname"]; ?><br /> 
    <?php echo $_POST["secondname"]; ?> 
    </body> 
</html> 

Sceenshot

enter image description here

+0

可以請您詳細描述一下嗎? –

+0

您需要向我們展示一些代碼,以便我們能夠幫助您 – Epodax

+0

發佈您的代碼(嘗試過) – Karthi

回答

0

您沒有傳遞任何值列。

變化

$sql = "INSERT INTO names (firstname, secondname) VALUES ('', '')"; 

$sql = "INSERT INTO names (firstname, secondname) VALUES ('".$_POST['firstname']."', '".$_POST['secondname']."')"; 

但是,使用Prepared Statements

A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency. Prepared statements are very useful against SQL injections, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped. If the original statement template is not derived from external input, SQL injection cannot occur.

更新的代碼

<body> 
    <?php 
    $servername = "localhost"; 
    $username = "root"; 
    $password = ""; 
    $dbname = "test"; 
    $conn = new mysqli($servername, $username, $password, $dbname); 
    if ($conn->connect_error) { 
     die("Connection failed: " . $conn->connect_error); 
    } 
    $stmt = $conn->prepare("INSERT INTO names (firstname, secondname) VALUES (?, ?)"); 
    $stmt->bind_param("ss", $_POST["firstname"], $_POST["secondname"]); 
    if ($stmt->execute()) { 
     echo "New record created successfully"; 
    } else { 
     echo "Error: " . $sql . "<br>" . $conn->error; 
    } 
    $conn->close(); 
    ?> 
    <?php echo $_POST["firstname"]; ?><br /> 
    <?php echo $_POST["secondname"]; ?> 
    </body> 
</html> 
+0

非常感謝@Nana Partykar :-) –

+0

*樂意幫忙。* @TahirKhan Bhai。但是,請再次通讀我的答案。它將幫助您避免SQL注入。 –