[英]How do I insert data in a mySQL database from a form using PHP?
I need to insert students into my database. 我需要将学生插入我的数据库。
The Students table has 3 fields. 学生表有3个字段。
id_Students
, Student_firstname
and Student_surname
id_Students
, Student_firstname
和Student_surname
I want the user to insert the data into a form, press a submit button and then the data be added to the database, but I'm not having much luck. 我希望用户将数据插入表单,按下提交按钮然后将数据添加到数据库中,但我没有太多运气。
Here is what I have done so far: 这是我到目前为止所做的:
The form: 表格:
<form method="POST">
First name: <input type="text" name="firstname"><br>
Surname: <input type="text" name="surname">
<input type="submit" name="action"></button>
</form>
The function to add the student: 添加学生的功能:
function addStudent()
{
$data = "INSERT INTO Students (Student_firstname, Student_surname)
VALUES('$_POST['firstname']', '$_POST['surname']')";
if(!$data)
{
die("Invalid Query: " . mysql_error());
}
}
if( isset($_POST['action']))
{
addStudent();
}
My first thought is that I am not asking the user to input the student id number, but this is set to auto-incrementing, which made me think I could add the other 2 fields and the id would be filled in automatically. 我的第一个想法是我不是要求用户输入学生ID号,但是这被设置为自动递增,这使我认为我可以添加其他2个字段并且id将自动填写。
Furthermore, I do not recieve my error message, the data is simply not put into the table. 此外,我没有收到我的错误消息,数据根本没有放入表中。
-- You need to execute query. - 您需要执行查询。
-- your query is not correct - 您的查询不正确
try like this: 试试这样:
function addStudent()
{
$data = "INSERT INTO Students (Student_firstname, Student_surname)
VALUES('".$_POST['firstname']."', '".$_POST['surname']."')";
$mysqli = new mysqli("host", "my_user", "my_password", "db_name");
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
if(!$mysqli->query($data))
{
die("Invalid Query: " . $mysqli->error());
}
}
You should use prepared statements so you can combat SQL Injection from malicious users, and a conditional statement in order to evaluate whether or not our insertion was successful. 您应该使用预准备语句,以便可以与恶意用户对抗SQL注入,并使用条件语句来评估我们的插入是否成功。
function addStudent(){
$mysqli = new mysqli('host', 'user', 'password', 'database');
$stmt = $mysqli->prepare('INSERT INTO Students (Student_firstname, Student_surname) VALUES(?, ?)');
$stmt->bind_param('ss', $_POST['firstname'], $_POST['surname']);
if($stmt->execute()):
echo 'We have successfully added this student.';
else:
exit('execute() failed: ' . $stmt->error);
endif;
$stmt->close();
}
you have to run the query using mysql_query
你必须使用
mysql_query
运行查询
$sql = "INSERT INTO Students (Student_firstname, Student_surname)
VALUES('$_POST['firstname']', '$_POST['surname']')";
$result=mysql_query($sql);
also its better to use mysqli
than mysql
as its being deprecated. 因为它被弃用,使用
mysqli
比使用mysql
更好。 You may also need to read a bit about SQL injection
also 您可能还需要阅读一些有关
SQL injection
First thing below is not correct 下面的第一件事是不正确的
$data = "INSERT INTO Students (Student_firstname, Student_surname) VALUES('$_POST['firstname']', '$_POST['surname']')"; $ data =“INSERT INTO Students(Student_firstname,Student_surname)VALUES('$ _ POST ['firstname']','$ _POST ['surname']')”;
it should be as 它应该是
$data = "INSERT INTO Students (Student_firstname, Student_surname) VALUES('".$_POST['firstname']."', '".$_POST['surname']."')"; $ data =“INSERT INTO Students(Student_firstname,Student_surname)VALUES('”。$ _ POST ['firstname']。“','”。$ _ POST ['surname']。“')”;
2nd thing 第二件事
You are not executing the query you need use mysql_query() learn here http://in2.php.net/mysql_query 你没有执行你需要使用的查询mysql_query()在这里学习http://in2.php.net/mysql_query
You haven't executed the Query. 您尚未执行查询。 After
后
$data = "INSERT INTO Students (Student_firstname, Student_surname)
VALUES('$_POST['firstname']', '$_POST['surname']')";
You should execute your SQL query by, 你应该执行你的SQL查询,
$exec = mysql_query( $data, $con );
where $data
is your query & $con
is estabilishing mysql connection. 其中
$data
是你的查询& $con
是建立mysql连接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.