PHP 表格不会插入 MYSQL
[英]PHP form won't insert into MYSQL
问题描述
There are many such errors but this one is mine.
有很多这样的错误,但这个是我的。
I have a PHP ticketing type form that I want to insert information into a MYSQL database.我有一个 PHP 票务类型表单,我想将信息插入 MYSQL 数据库。
Here is the PHP form:这是 PHP 表格:
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8">
<title></title>
</head>
<body>
<form name="ticket-form" id="ticket-form" action="get_response.php" method="POST">
<p>Please provide your first name: <input type="text" name="firstName" id="firstName" placeholder="John" required></p>
<p>Please provide your last name: <input type="text" name ="lastName" id="lastName" placeholder="Smith" required></p>
<p>Please indicate if you are a company or a contractor:
<input type="radio" name="clientType" id="clientType" value="company">Company
<input type="radio" name="clientType" id="clientType" value="contractor" checked>Contractor</p>
<p>Please provide an email address: <input type="email" name="email" id="email" placeholder="John123@example.com"><br></p>
<p>Please provide a phone number if you'd prefer: <input type="text" name="number" id="number" max="13" placeholder="07654321234"><br></p>
<p>Please detail your query, going in to as much detail as possible: </p>
<textarea name="query" id="query" rows="8" cols="80" placeholder="Please detail the nature of your issue, going in to as much detail as possible."></textarea><br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
And here is the get_response.php这是get_response.php
<?php
require_once("config.php");
require_once("index.php");
$datetime = new DateTime();
$datestring = $datetime->format('d-m-Y H:i:s');
$first_name = mysqli_real_escape_string($conn, $_POST['firstName']);
$second_name = mysqli_real_escape_string($conn, $_POST['lastName']);
$client_type = mysqli_real_escape_string($conn, $_POST['clientType']);
$email_address = mysqli_real_escape_string($conn, $_POST['email']);
$query = mysqli_real_escape_string($conn, $_POST['query']);
$phone_number = mysqli_real_escape_string($conn, $_POST['number']);
$sql = "INSERT INTO
tickets (first_name, second_name, client_type, email_address, phone_number, query)
VALUES
('$first_name', '$second_name', '$client_type', '$email_address', '$phone_number', '$query')";
if($conn->query($sql)){
echo "<p>Thank you for your email!</p>
<p> We aim to respond to your query as soon as possible.
Please allow 2 business days for a response and check spam folders.</p>";
}
else
{
die('There was an error running the query [' . mysqli_error($conn) . ']');
}
// else
// {
// echo "<p>Please supply valid information.</p>";
// }
mysqli_close($conn);
?>
php config.php
Will indicate a successful connection with the $conn variable, but to eliminate the issue:将指示与 $conn 变量的成功连接,但要消除此问题:
<?php
$servername = "xxxxx";
$username = "xxxxx";
$password = "xxxxx";
$dbname = "tickets";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
} ?>
php get_response.php
Will insert empty data into the database.将空数据插入数据库。 Yet the form does not work by posting the information.然而,表格并不能通过发布信息来工作。
I know there might be other bugs.我知道可能还有其他错误。 I'm very new to PHP and MYSQL.我对 PHP 和 MYSQL 非常陌生。 Any help is much appreciated.任何帮助深表感谢。 Thanks in advance.提前致谢。
Edit: Some error logs as requested.That's all there is from today.编辑:根据要求提供一些错误日志。这就是今天的全部内容。
[Fri Nov 01 12:24:51.342604 2019] [mpm_event:notice] [pid 673:tid 140589056359360] AH00489: Apache/2.4.38 (Ubuntu) configured -- resuming normal operations
[Fri Nov 01 12:24:51.343298 2019] [core:notice] [pid 673:tid 140589056359360] AH00094: Command line: '/usr/sbin/apache2'
Edit2: Solved, sorta. Edit2:解决了,有点。
I tried remaking the form in my regular Mac OS X operating system and it works fine.我尝试在我的常规 Mac OS X 操作系统中重新制作表单,它工作正常。 There seems to have been something fundamentally wrong with either Virtual box, how it communicates with modern OS X software or some personal configuration.虚拟盒子似乎存在根本性的问题,它与现代 OS X 软件的通信方式或某些个人配置。 Although I can connect to mysql in the Linux command line it won't work through the form.虽然我可以在 Linux 命令行中连接到 mysql,但它无法通过表单工作。
1 个解决方案
解决方案1
1 2019-11-01 15:28:11
I had a spare 20mins whilst installing MS SQL Server so quickly refactored your code to make use of prepared statements to mitigate SQL injection attacks.在安装 MS SQL 服务器时,我有 20 分钟的空闲时间,如此迅速地重构了您的代码,以利用prepared statements来缓解 SQL 注入攻击。 It is not tested so there might be minor errors which I overlooked but I hope it'll prove useful它没有经过测试,所以可能会有我忽略的小错误,但我希望它会被证明是有用的
<?php
$status=false;
if( $_SERVER['REQUEST_METHOD']=='POST' ){
$errors=array();
$args=array(
'firstName' => FILTER_SANITIZE_STRING,
'lastName' => FILTER_SANITIZE_STRING,
'clientType' => FILTER_SANITIZE_STRING,
'email' => FILTER_SANITIZE_STRING,
'query' => FILTER_SANITIZE_STRING,
'number' => FILTER_SANITIZE_STRING
);
foreach( array_keys( $args ) as $field ){
if( !isset( $_POST[ $field ] ) ) $errors[]=sprintf( 'The field "%s" is not set', $field );
}
foreach( $_POST as $field => $value ){
if( !in_array( $field, array_keys( $args ) ) )$errors[]=sprintf( 'Unknown field "%s"', $field );
}
if( empty( $errors ) ){
$_POST=filter_input_array( INPUT_POST, $args );
extract( $_POST );
require_once 'config.php';
require_once 'index.php';
$sql='insert into `tickets`
( `first_name`, `second_name`, `client_type`, `email_address`, `phone_number`, `query` )
values
( ?, ?, ?, ?, ?, ? )';
$stmt=$conn->prepare( $sql );
if( !$stmt )$errors[]='The SQL Prepared Statement failed';
$stmt->bind_param('ssssss', $firstName, $lastName, $clientType, $email, $query, $number );
$stmt->execute();
$status=$conn->affected_rows;
}
}
?>
<html lang='en' dir='ltr'>
<head>
<meta charset='utf-8'>
<title></title>
</head>
<body>
<form name='ticket-form' method='POST'>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
if( !empty( $errors ) ){
printf( '<pre>%s</pre>',print_r($errors,true) );
} else {
if( $status ){
echo "
<p>Thank you for your email!</p>
<p> We aim to respond to your query as soon as possible.
Please allow 2 business days for a response and check spam folders.</p>";
}
}
}
?>
<label>Please provide your first name: <input type='text' name='firstName' placeholder='John' required></label>
<label>Please provide your last name: <input type='text' name ='lastName' placeholder='Smith' required></label>
<label>
Please indicate if you are a company or a contractor:
<input type='radio' name='clientType' value='company'>Company
<input type='radio' name='clientType' value='contractor' checked>Contractor
</label>
<label>Please provide an email address: <input type='email' name='email' id='email' placeholder='John123@example.com'></label>
<label>Please provide a phone number if you'd prefer: <input type='text' name='number' id='number' max='13' placeholder='07654321234'></label>
<label>
Please detail your query, going in to as much detail as possible:
<textarea name='query' rows='8' cols='80' placeholder='Please detail the nature of your issue, going in to as much detail as possible.'></textarea>
</label>
<input type='submit' />
</form>
</body>
</html>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.