[英]html form to mysql database
hi so i have to make a blog and I'm having a bit of a problem of showing my entries onto the webpage. 您好,我必须做一个博客,并且在将我的条目显示到网页上时遇到一些问题。
<?xml version = "1.0" encoding = "utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns = "http://www.w3.org/1999/xhtml">
<head> <title> Add entry </title>
</head>
<body>
<form action = "text1.php" method = "post">
Title: <input type = "text" name = "title"><br>
Body:
<textarea rows="10" cols="100" name="textblock"></textarea>
<input type = "submit" value = "Add Entry" />
</body>
</html>
and my php code 和我的PHP代码
<?php
$title = $_POST['title'];
$textblock = $_POST['textblock'];
$host = "xxxxxx" ;
$user = "xxx" ;
$pass = "xxx" ;
$db = "xxx" ;
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db")or die(mysql_error());
$query = "INSERT INTO yourMySQLTable (title, textblock) VALUES ('$title','$textblock')";
mysql_query($query) or die('Error, insert query failed');
?>
I want to display each entry, consisting of the title and the textblock on another webpage but for some reason the values are not going into the table. 我想在另一个网页上显示每个条目,包括标题和文本块,但是由于某些原因,这些值没有进入表中。 How do I input the values into the table and how do I display them on another webpage called viewblog.php?
如何将值输入到表中,以及如何在另一个名为viewblog.php的网页上显示它们?
Use the following: 使用以下内容:
$host = "xxxxxx" ;
$user = "xxx" ;
$pass = "xxx" ;
$db = "xxx" ;
// Connect to server and select database.
mysql_connect($host, $username, $password)or die(mysql_error());
mysql_select_db($db)or die(mysql_error());
$title = mysql_real_escape_string($_POST['title']);
$textblock = mysql_real_escape_string($_POST['textblock']);
$query = "INSERT INTO tableName (title, textblock) VALUES ('$title','$textblock')";
mysql_query($query) or die(mysql_error());
To display them: 要显示它们:
$query = "SELECT * FROM tableName";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) {
echo $row['title'] . ' - ' . $row['textblock'] . '<br />';
}
You should be using PDO for Database interactions, mysql_* functions are depcrecated and un-safe. 您应该使用PDO进行数据库交互,不建议使用mysql_ *函数,并且该函数不安全。 PDO will sanitize your variables to prevent SQL Injection attacks.
PDO会清理您的变量以防止SQL注入攻击。
http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059 http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059
You have a "here" attached to your variable: here$textblock = $_POST['textblock'];
您在变量上附加了“ here”:
here$textblock = $_POST['textblock'];
Also try this: $query = "INSERT INTO yourMySQLTable (title, textblock) VALUES ('" . $title . "','" . $textblock . "')";
也可以尝试以下方法:
$query = "INSERT INTO yourMySQLTable (title, textblock) VALUES ('" . $title . "','" . $textblock . "')";
Since other answers have been given in order to help you with your INSERT, I won't repeat it in this answer. 由于已给出其他答案来帮助您进行INSERT,因此在此答案中不再赘述。
Edit : An INSERT method has been added below, using mysqli_*
functions. 编辑 :下面已使用
mysqli_*
函数添加了INSERT方法。
Mine consists of your second part: 我的第二部分包括:
"I want to display each entry, consisting of the title and the textblock on another webpage"
“我想在另一个网页上显示每个条目,包括标题和文本块”
If you wish to show data from a DB table, you need to use a loop. 如果希望显示数据库表中的数据,则需要使用循环。
Here is a mysqli_*
based version and a very basic method. 这是基于
mysqli_*
的版本和非常基本的方法。
<?php
// $db = new mysqli("host", "user", "pw", "db");
// CONNECT TO THE DATABASE
$DB_HOST = "xxx";
$DB_NAME = "xxx";
$DB_PASS = "xxx";
$DB_USER = "xxx";
$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($db->connect_errno > 0) {
die('Connection failed [' . $db->connect_error . ']');
}
$result = $db->query("SELECT * FROM `yourMySQLTable`");
while($row = $result->fetch_assoc()) {
echo "<b>Title:</b> " . $row['title'] . " <b>Text:</b> " . $row['textblock'] . "<br>";
}
mysqli_close($db);
?>
Here is an mysqli_*
based and basic version to INSERT values into a DB. 这是一个基于
mysqli_*
的基本版本,可将值插入数据库。
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
$title = mysqli_real_escape_string($dbc,$_POST['title']);
$textblock = mysqli_real_escape_string($dbc,$_POST['textblock']);
$query = ("INSERT INTO `yourMySQLTable` (`title`, `textblock`)
VALUES ('$title','$textblock')";
mysqli_query($dbc, $query);
if($query){
echo "SUCCESS!";
}
else {
echo "Sorry!";
}
?>
Sidenote: Your present code is open to SQL injection . 旁注:您当前的代码可以进行SQL注入 。 Use
mysqli_*
functions. 使用
mysqli_*
函数。 (which I recommend you use and with prepared statements , or PDO ) (我建议您将其与预处理语句或PDO一起使用 )
mysql_*
functions are deprecated and will be removed from future PHP releases. mysql_*
函数已被弃用,并将从以后的PHP版本中删除。
Here are a few tutorials on prepared statements that you can study and try: 这里有一些关于准备好的语句的教程,您可以研究和尝试:
Here are a few tutorials on PDO: 以下是有关PDO的一些教程:
Footnotes: 脚注:
You don't need the extra tags: 您不需要额外的标签:
<?xml version = "1.0" encoding = "utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns = "http://www.w3.org/1999/xhtml">
Changing it to the following will suffice: 将其更改为以下即可:
<!DOCTYPE html>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.