[英]Empty values with PHP/MySQL INSERT INTO
I need to do an school assigment and I have run into quite few problems, but I don't understand why the code below gives empty values to the table. 我需要做一次学校作业,遇到了很少的问题,但是我不明白为什么下面的代码给表赋予了空值。 Only NOW() gets inserted into the table, otherwise it says Query Empty or something like that.
只有NOW()会插入到表中,否则会显示查询为空或类似的内容。 I had the same code on different page and with different table and it worked like a charm.
我在不同的页面和不同的表上有相同的代码,它就像一个魅力。
Regards, Werner. 问候,沃纳。
<?php
$dbhost = 'localhost';
$dbuser = '';
$dbpass = '';
$pnimi =$_REQUEST['pitsa_nimi'];
$id =$_REQUEST['pitsatyybinimi'];
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = 'INSERT INTO tellimused_pitsad '.
'(pitsa_nimi,aeg,toidutyybi_id)'.
"VALUES ( '$pnimi', NOW(), '$id' )";
mysql_select_db('carl.reinomagi');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo mysql_error();
echo "Entered data successfully\n";
mysql_close($conn);
header("location:tellimine.php");
?> ?>
This is the previous page ( ordering ) code : 这是上一页(订购)的代码:
<?php
$tulemus = mysql_query("SELECT * FROM pitsad, pitsatyybid WHERE pitsad.toidutyybi_id = pitsatyybid.id", $dbhandle);
while ($row = mysql_fetch_assoc($tulemus))
{
?>
<tr><form action="telli.php">
<td><? echo $row['pitsa_nimi']; ?></td>
<td><? echo $row['hind']; ?></td>
<td><? echo $row['valmimisaeg']; ?> Minutit</td>
<td><? echo $row['pitsatyybinimi']; ?></td>
<td>
<input type="submit" value="TELLI"/>
</form></td>
</tr>
<?php
}
?>
</table>
Please, don't use
mysql_*
functions in new code .请不要在新代码中使用
mysql_*
函数 。 They are no longer maintained and are officially deprecated .它们不再维护,已正式弃用 。 See the red box ?
看到红色框了吗? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which.
相反,要了解准备好的语句 ,并使用PDO或MySQLi- 本文将帮助您确定哪一个。 If you choose PDO, here is a good tutorial .
如果您选择PDO, 这是一个很好的教程 。
Here's a better example using PDO. 这是使用PDO的更好示例。 This code is completely safe against SQL Injection, and is better than using
mysql_*
functions. 该代码对于SQL注入是完全安全的,并且比使用
mysql_*
函数更好。
Make sure to read the comments and understand the code. 确保阅读注释并理解代码。
<?php
# Database Connection #
try {
$conn = new PDO("mysql:host=localhost;dbname=carl.reinomagi", "root", ""); //Please consider having different credentials.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //Throw Exceptions on errors - This disables the need to check for errors, see the catch block below.
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); //True prepared statements.
## Prepreations ##
$pnimi = $_POST["pitsa_nimi"];
$id = $_POST["pitsatyybinimi"]; //Please use $_POST or $_GET rather than $_REQUEST
## Data validation ##
if (empty($pnimi) || empty($id)) {
//One of the variables is empty, return an error to the user.
}
//Few things about this:
//Note the `backticks` around table and column names. This helps readability.
//Also note the placeholders :pnimi and :id, those placeholders for the prepared statement.
$query = "INSERT INTO `tellimused_pitsad` (`pitsa_nimi`, `aeg`, `toibutyybi_id`) VALUES (:pnimi, NOW(), :id);";
$statement = $stmt->prepare($query);
$statement->bindValue(":pnimi", $pnimi); //Bind the values to the placeholders
$statement->bindValue("id", $id);
$statement->execute();
header("Location: tellimine.php");
}
catch (PDOException $e) {
echo "An error has occured! " . $e->getMessage(); //Echo a generic error to all mysql error messages.
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.