通过HTML表单执行查询
[英]Executing query through HTML form
问题描述
views/registration.php 
意见/和registration.php
<form action="classes/registration.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="text" name="password"><br>
<input type="submit">
</form>
classes/registration.php 班/和registration.php
if(isset($_POST['submit']))
{
// Define form variables
$username = $_POST['username'];
$password= $_POST['password'];
// Insert form data into database
$query = "INSERT INTO users (username, password)
VALUES ('$username', '$password')";
if(mysqli_query($conn, $query))
{
echo "Registration successfull.";
}
}
The problem is, when I click submit, I get a blank page. 问题是,当我单击提交时,我得到一个空白页。 The query isn't being executed. 查询未执行。
I thought the problem might be because my values aren't setup correctly, so I did the following: 我认为问题可能是因为我的值设置不正确,所以我做了以下事情:
VALUES ('$_POST['password']', '$_POST['password']')";
but that gives me an error, presumably because I am using ' inside of ' 但这给了我一个错误,大概是因为我在使用'inside'
So now I am back to square one, unsure of why my query isn't being executed 所以现在回到第一个问题,不确定为什么我的查询没有被执行
2 个解决方案
解决方案1
3 已采纳 2014-12-12 00:22:19
You are getting a blank page because you don't echo something if $_POST submit isn't set. 您得到的是空白页,因为如果未设置$ _POST提交,则不会回显任何内容。
if(isset($_POST['submit']))
is never true as your $_POST['submit'] is never set. 永远不会是真的,因为您的$ _POST ['submit']从未设置。 You need to give your submit a name, this (the name) is what get's POSTed / what you can access within $_POST[' /*name of input*/ '] 您需要给您的提交者起一个名字,这个(名字)就是所发布的内容/您可以在$_POST[' /*name of input*/ ']
Change your form to the following, then you should see your 将表格更改为以下内容,然后您应该会看到
echo "Registration successfull.";
HTML: HTML:
<form action="classes/registration.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="text" name="password"><br>
<input type="submit" name="submit"> <!-- <<<<<<<<<<< here -->
As a sidenote, you should absolutely consider using a prepared statement. 作为附带说明,您绝对应该考虑使用准备好的语句。 Running a registration form with your insert query is like an invitation for people keen on ruining your server. 使用插入查询运行注册表单就像是对那些热衷于破坏服务器的人们的邀请。 You might want to try the query like this: 您可能想尝试如下查询:
$query = $conn->prepare("INSERT INTO users (username, password) VALUES (?,?)");
$query->bind_param('ss',$username,$password);
$query->execute;
This way, you will be secured against mysql injection. 这样,您将可以防止mysql注入。
解决方案2
1 2014-12-12 05:37:59
Your file naming and paths seem to be mismatching(as per the file names you provided). 您的文件命名和路径似乎不匹配(根据您提供的文件名)。
No matter if you keep: 无论您是否保留:
views/registration.php
views/classes/registration.php
But if you follow: 但是,如果您遵循:
--/classes
/registration.php
--/views
/registration.php
[ Note: ' --/ ' is the path of your root directory ] [ 注意:' --/ '是您的根目录的路径 ]
Then the form action classes/registration.php won't go anywhere. 然后,表单action classes/registration.php不会出现在任何地方。 So change it: 所以改变它:
<form action="../classes/registration.php" method="post">
I suggest to follow the naming convention: 我建议遵循命名约定:
filename - for pages with HTML forms, and 文件名 -用于具有HTML表单的页面,以及
filename_action - for action pages filename_action-用于操作页面
Also notice the possible error cases mentioned by user baao in the other answer. 还要注意用户baao在另一个答案中提到的可能的错误情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.