如何将日期和user_id插入mysql
[英]How to insert date and user_id to mysql
问题描述
I'm quite new in PHP and MySQL. 
我是PHP和MySQL的新手。 I tried to make message board where user can post some message on wall and the every logged user can read it. 我尝试制作留言板,用户可以在墙上发布一些消息,每个登录的用户都可以阅读。
Now when someone add message doesn't write in table author_id and date_added. 现在当有人添加消息时,不会在表author_id和date_added中写入。 I need them when results are displayed. 显示结果时我需要它们。
Here is new.php 这是new.php
if(isset($_POST['formSubmit']))
{
$errorMessage = "";
if(empty($_POST['formTitle']))
{
$errorMessage .= "<li>Doesn't have title!</li>";
}
if(empty($_POST['formContent']))
{
$errorMessage .= "<li>The field for content is empty!</li>";
}
if(empty($errorMessage))
{
$db = mysql_connect("localhost","root","");
if(!$db) die("Error connecting to MySQL database.");
mysql_select_db("homework3" ,$db);
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', '$_POST[date_added]', '$_POST[formTitle]', '$_POST[formContent]')";
mysql_query($sql);
header("Location: index.php");
exit();
}
}
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div><label for='formTitle'>Title<input type="text" name="formTitle" value="" style="width: 350px;"></label></div></br>
<div><label for='formContent'>Content</div><textarea name="formContent" style="width: 344px; height: 100px;"></textarea>
<input type="submit" class="formbutton" name="formSubmit" value="Send"/>
</form>
Edit: I don't know if you need this but this is how I display massages: 编辑:我不知道你是否需要这个,但这是我如何显示按摩:
$sql = 'SELECT username, msg_id, title, content, date_added FROM massages as m, users as u WHERE author_id = user_id ORDER BY m.date_added DESC';
$result = mysqli_query($link, $sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$real_date = date('d.m.Y', $row['date_added']);
echo '<table>
<tr>
<td>' . $row['msg_id'] . '. ' . $row['title'] . '</td>
</tr>
<tr>
<td>' . $row['content'] . '</td>
</tr>
<tr>
<td>By<span style="color: #CC0033;">' . $row['username'] . '</span> on <span style="color: #CC0033;">' . $real_date . '</span></td></br>
</tr>
</table>';
}
} }
4 个解决方案
解决方案1
2 2013-10-04 08:15:24
When author login, Store author_id in session. 当作者登录时,在会话中存储author_id 。
$author_id=$_SESSION['username'];
Then store it in database. 然后将其存储在数据库中。
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$author_id', 'NOW()', '$_POST[formTitle]', '$_POST[formContent]')";
NOTE 注意
Don't forget to start the session on the top 不要忘记在顶部开始会话
<?php
session_start();
// then your all code
解决方案2
1 已采纳 2013-10-04 08:11:19
You can use hidden attributes ie type = 'hidden' for auther_id 您可以使用隐藏属性,即为auther_id type = 'hidden'
For example in your form 例如在您的表单中
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div><label for='formTitle'>Title<input type="text" name="formTitle" value="" style="width: 350px;"></label></div></br>
<div><label for='formContent'>Content</div><textarea name="formContent" style="width: 344px; height: 100px;"></textarea>
<input type="hidden" name="author_id" value="<?php echo $_SESSION['what_ever']; ?>"/>
<input type="submit" class="formbutton" name="formSubmit" value="Send"/>
</form>
NOTE: <?php echo $_SESSION['what_ever']; ?> 注意: <?php echo $_SESSION['what_ever']; ?> <?php echo $_SESSION['what_ever']; ?> is just an assumption of how your author_id could be <?php echo $_SESSION['what_ever']; ?>只是假设你的author_id可能是什么
and for date_added you can create add this directly in the query no need to post it via form 对于date_added,您可以直接在查询中创建添加,无需通过表单发布
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', NOW(), '$_POST[formTitle]', '$_POST[formContent]')";
You should also avoid sending author_id via post and add it rather in this manner 您还应该避免通过post发送author_id并以这种方式添加它
$auther_id = $_SESSION['username'];
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$auther_id', NOW(), '$_POST[formTitle]', '$_POST[formContent]')";
IMPORTANT 重要
PHP is deprecating the mysql functions you must need to use mysqli Why shouldn't I use mysql_* functions in PHP? PHP正在弃用使用mysqli必需的mysql函数为什么我不应该在PHP中使用mysql_ *函数?
解决方案3
1 2013-10-04 08:13:03
In your table change author_id to auto increment, No need to add it in INSERT query. 在您的表中将author_id更改为自动递增,无需在INSERT查询中添加它。
Try below change: 尝试以下更改:
$date_added = date('Y-m-d');
$sql = "INSERT INTO massages (`date_added`, `title`, `content`) VALUES ( '$date_added', '$_POST[formTitle]', '$_POST[formContent]')";
mysql_query($sql);
解决方案4
0 2013-10-04 08:17:50
As mentioned in the comments, you should avoid using the mysql_* commands, however the problem is with the following line: 如评论中所述,您应该避免使用mysql_*命令,但问题在于以下行:
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', '$_POST[date_added]', '$_POST[formTitle]', '$_POST[formContent]')";
In order to embed an array variable in string you have to surround it with braces, eg. 为了在数组中嵌入数组变量,你必须用大括号包围它,例如。
"{$_POST['author_id']}"
BUT you should not do this in your example as it would leave you wide open to a mysql injection attack. 但是你不应该在你的例子中这样做,因为它会让你对mysql注入攻击敞开大门。 The old way of dealing with this is to escape each of posted variable using mysql_escape_string() , but the better way of dealing with this is to use the PDO Data objects eg http://www.php.net/manual/en/pdostatement.bindvalue.php 处理这个问题的旧方法是使用mysql_escape_string()来mysql_escape_string()每个已发布的变量,但更好的处理方法是使用PDO Data对象,例如http://www.php.net/manual/en/pdostatement .bindvalue.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.