MySQL-PHP表格将值插入表格?
[英]MySQL - PHP form to insert values into table?
问题描述
I would like to add comments to a database using a simple form. 
我想使用一种简单的形式向数据库添加注释。 For whatever reason, I can't seem to get the table to update when I use said form. 无论出于什么原因,当我使用上述表格时,似乎都无法更新表格。 I'm not getting any errors, it's just that nothing happens when I refresh the table afterwards. 我没有收到任何错误,只是稍后再刷新表时什么也没有发生。 In other words, even after submitting the form, the table still has 0 entries. 换句话说,即使提交表单后,该表仍具有0个条目。 Here is my code: 这是我的代码:
<?php
session_start();
$connection = mysql_connect("server", "username", "password");
if ($connection->connect_error) {
die('Connect Error: ' . $connection->connect_error);
}
// Selecting Database
mysql_select_db("database", $connection) or die(mysql_error());
$name = $_POST['name'];
$title = $_POST['title'];
$comments = $_POST['comments'];
$sql = "INSERT INTO comments (Name, Title, Comments)
VALUES ('$name', '$title', '$comments')";
mysql_close($connection); // Closing Connection
?>
Thank you for your help! 谢谢您的帮助!
2 个解决方案
解决方案1
4 已采纳 2014-12-01 18:21:21
You don't ever actually execute your query: 您实际上从未执行过查询:
$sql = "INSERT INTO comments (Name, Title, Comments)
VALUES ('$name', '$title', '$comments')";
$result = mysql_query($sql);
Other things: 其他事情:
if ($connection->connect_error) {is not valid.if ($connection->connect_error) {无效。 You can't use the old mysql API in an OOP fashion.您不能以OOP方式使用旧的mysql API。 You need to use mysqlifor that.您需要为此使用mysqli。Please, don't use
mysql_*functions in new code .请不要在新代码中使用mysql_*函数 。 They are no longer maintained and are officially deprecated .它们不再维护,已正式弃用 。 See the red box ? 看到红色框了吗? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. 相反,要了解准备好的语句 ,并使用PDO或MySQLi- 本文将帮助您确定哪一个。 If you choose PDO, here is a good tutorial . 如果您选择PDO, 这是一个很好的教程 。 You are also wide open to SQL injections
您还可以接受SQL注入 You do no error checking.
您不进行错误检查。 How do you expect to know if there are problems if you don't look for them? 如果您不查找问题,您如何期望知道是否存在问题?
解决方案2
0 2014-12-01 18:49:53
(note: please change server, username, and password for your server information) (注意:请更改服务器,用户名和密码以获取服务器信息)
<?php
session_start();
$connection = mysql_connect("server","username","password");
if (!$connection) {
die('Connect Error: ' . mysql_error());
}
// Selecting Database
mysql_select_db("database",$connection) or die(mysql_error());
$name = $_POST['name'];
$title = $_POST['title'];
$comments = $_POST['comments'];
$sql = "INSERT INTO comments (Name,Title,Comments)
VALUES ('$name', '$title', '$comments')";
mysql_query($sql);
mysql_close($connection); // Closing Connection
?>
For security (defense against SQL injection) you can using mysql_real_escape_string function for limit input fields. 为了安全(防止SQL注入),您可以将mysql_real_escape_string函数用于限制输入字段。 For example: 例如:
$name = mysql_real_escape_string($_POST['name']);
$title = mysql_real_escape_string($_POST['title']);
$comments = mysql_real_escape_string($_POST['comments']);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.