从html页将数据插入数据库表时出现错误

Question

This is my php code , I am warning at the line of inserting the data please provide the answer

                if($_POST['submitted'] == 1){

                    $q = "INSERT INTO user(fullname,email,password,conform-password,mobileno) VALUES ('$_POST[form-full-name]','$_POST[form-email]','$_POST[form-password]','$_POST[form-conform-password]','$_POST[form-mobile-no]')";

                    $r= mysqli_query($dbc,$q); 

                    if($r){

                        echo '<p>you are REGISTERED SUCCESSFULLY !</p>';
                    }
                    else{

                        echo '<p>your REGISTRATION FAILED !</p>'.mysqli_error($dbc);
                        echo '<p>'.$q.'</p>';
                    }

                }

//"plz give me the solution for my problem"

Blockquote

Answer 1

In case if you don't want to assign variables so that no memory allocation occurs then you can try using this:

           <?php

            if($_POST['submitted'] == 1){

                  $q = "INSERT INTO user(`fullname`,`email`,`password`,`conform-password`,`mobileno`) VALUES (?,?,?,?,?)";

                  $stmt = $mysqli->prepare($q);

                    if ( false===$stmt ) {

                    die('prepare() failed: ' . htmlspecialchars($mysqli->error));
                    }

                  $rc = $stmt->bind_param("sssss",  $_POST['form-full-name'], $_POST['form-email'], $_POST['form-password'], $_POST['form-conform-password'],$_POST['form-mobile-no']);


                  if ( false===$rc ) {

                      die('bind_param() failed: ' . htmlspecialchars($stmt->error));
                    }

                  $rc = $stmt->execute();
                    if ( false===$rc ) {
                      die('execute() failed: ' . htmlspecialchars($stmt->error));
                    }

                   $stmt->close();


            }

According to this example you have to use mobile number datatype as string in table field.

Do not need to save confirm password in table and you should use prepare statement for insertion. It will make your query secure for insertion in this case

Answer 2

try this

 if($_POST['submitted'] == 1)
{

  $full_name =$_POST['form-full-name'];
  $form_email=$_POST['form-email'];
  $password = $_POST['form-password'];
  $conform_pass=$_POST['form-conform-password'];
  $mobile =$_POST['form-mobile-no'];

  $q = "INSERT INTO user(fullname,email,password,conform-password,mobileno) VALUES ('$full_name','$form_email','$password','$conform_pass','$mobile')";

  $r= mysqli_query($dbc,$q); 

  if($r)
  {

   echo '<p>you are REGISTERED SUCCESSFULLY !</p>';
  }
  else{

    echo '<p>your REGISTRATION FAILED !</p>'.mysqli_error($dbc);
    echo '<p>'.$q.'</p>';
      }

    }

you missing the single quote $_POST[''] method

Answer 3

Just try saving your posted form data to php variable and then use that in   your insert query.

For ex: 

$fullname = $_POST['form-full-name'];
$email = $_POST['form-email'];
$password = $_POST['form-password'];
$confirmpassword = $_POST['form-conform-password'];
$mobilenumber = $_POST['form-mobile-no'];

And then the query as 


$q = "INSERT INTO user(fullname,email,password,conform-password,mobileno) VALUES ('$fullname','$email ','$password ','$confirmpassword ','$mobilenumber ')";


Hope this help.

Answer 4

谢谢大家的答复，我解决了一个我犯了2个错误的问题1）使用“-”，我用_下划线（ex：form_email）代替了2）我使用过isset（）函数更改以上2件事后，我正在获取数据我的数据库