如何接受用戶輸入php

Question

我正在製作一個事件管理系統。我不知道有什麼問題，點擊submitbutton後，它只是繼續重新加載。

這裏是我的HTML碼

<?php 
session_start(); 

if (!isset($_SESSION['username'])) { 
    $_SESSION['msg'] = "You must log in first"; 
    header('location: login.php'); 
} 

if (isset($_GET['logout'])) { 
    session_destroy(); 
    unset($_SESSION['username']); 
    header("location: login.php"); 
} 

<div class="header"> 
    <h2>Create Event</h2> 
</div> 

<form method="post" action="create_event.php"> 
    <div class="input-group"> 
     <label>Event Title</label> 
     <input type="text" name="event_title" > 
    </div> 
    <div class="input-group"> 
    <label>Pick Location</label> 
     <select name="location"> 
      <option>Alabang</option> 
      <option>South City</option> 
      <option>Batangas</option> 
      <option>Cavite</option> 
      <option>Laguna</option> 
     </select> 
    <div class="input-group"> 
    <label>Address</label> 
    <textarea rows="4" cols="50" name="address"></textarea> 
    </div> 
    <div class="date"> 
    <label>Pick date and time</label> 
    <input type="date" name="date"></br> 
    <input type="time" name="time"> 
    </div> 
    <div class="event_info"> 
     <label>Event Information</label> 
     <textarea rows="4" cols="50" name="event_info"></textarea> 
    </div> 
    <div class="input-group"> 
     <button type="submit" class="btn" name="create_event">Create Event</button> 
    </div> 
</form> 

PHP代碼：

// Create Event 
if (isset($_POST['create_event'])) { 
    // receive all input values from the form 
    $event_title = mysql_real_escape_string($_POST['event_title']); 
    $location = mysql_real_escape_string($_POST['location']); 
    $address = mysql_real_escape_string($_POST['address']); 
    $date = mysql_real_escape_string($_POST['date']); 
    $time = mysql_real_escape_string($_POST['time']); 
    $event_info = mysql_real_escape_string($_POST['event_info']); 
    $query="select * from `event` where event_title='$_POST[event_title]' or time='$_POST[time]' or date='$_POST[date]'"; 
    $result=mysql_query($query); 
    $count=mysql_num_rows($result); 
    if($count>0) 
     { 
      array_push($errors, "Already used"); 
     } 


    // form validation: ensure that the form is correctly filled 
    if (empty($event_title)) { array_push($errors, "Please input title"); } 
    if (empty($location)) { array_push($errors, "Location is required"); } 
    if (empty($address)) { array_push($errors, "Location is required"); } 
    if (empty($time)) { array_push($errors, "Time is required"); } 
    if (empty($date)) { array_push($errors, "Date is required"); } 
    if (empty($event_info)) { array_push($errors, "Date is required"); } 


    // register user if there are no errors in the form 
    if (count($errors) == 0) { 
     $query = "INSERT INTO `event` (event_title,location,address,time,date,event_info) VALUES ('$event_title', '$location','$address','$time','$date','$event_info')"; 
$result = mysql_query($query); 
echo("success"); 
    } 

} 

我不覺得有什麼不妥，因爲如果我點擊submitbutton，沒有錯誤彈出。它只是重新加載，但沒有數據發送到我的數據庫。

Answer 1

修改在表格的提交按鈕這樣的：

<input type = "submit" name = "create_event" value="create event"/> 

在行動中使用

而且$_SERVER['PHP_SELF']變量。像這樣...

 <form action ="<?php echo 
     htmlspecialchars($_SERVER['PHP_SELF']); 
     ?>" method = "post"> 

在數據庫查詢中，請使用PDO語句，它很簡單和安全。在使用之前還要對用戶輸入進行清理。