How do I send user input from a HTML textform to my SQL database?
We started working for the first time with PHP and my SQL.
There are 2 pages the user can go to:
I have no issues POST-ing it, but I need to send this info to the SQL database and I cannot seem to figure out what to do next.
index.php
<?php
// server settings
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "bezoeker";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} else {
    echo 'connection succesfull';
}
$name = $_POST['name'];
$lastName = $_POST['lastname'];
$favColor = $_POST['favcolor'];
//add to database
$sql = "INSERT INTO formulier (naam, achternaam, kleur) VALUES ('$name', '$lastName', $favColor)";
//database addition confirmation
if(mysqli_query($conn, $sql)){
    echo "Records inserted successfully.";
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
// Close connection
$conn->close();
include 'template-parts/header.php';
include 'template-parts/main.php';
include 'template-parts/footer.php';
?>
Main.php
<main>
    <center>
        <form action="welcome.php" method="post">
            Naam: <input type="text" name="name"><br>
            Achternaam: <input type="text" name="lastname"><br>
            Je favoriete kleur: <input type="color" name="favcolor" value="#ff0000">
            <input type="submit">
        </form>
    </center>
</main>
Welcome.php
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <link href="css/reset.css" rel="stylesheet">
    <link href="css/style.css" rel="stylesheet">
    <title>PHP</title>
</head>
<body>
    <div class= "welcome-message">
        <h1>Welcome <?php echo $_POST["name"]; ?> <?php echo $_POST["lastname"]; ?> !<br> </h1>
        <h2>Leuk dat je er bent!</h2>
        <h3>Wouw, mijn favoriete kleur is ook <?php echo $_POST["favcolor"]; ?> !</h3>
        <?php echo '<body style="background-color: ' . $_POST['favcolor'] . '">'; ?>
    </div>
</body>
</html>
My database Bezoeker has a table called Formulier with the structure: naam, achternaam, kleur
With the current code I get the error
connection succesfullERROR: Could not able to execute INSERT INTO formulier (naam, achternaam, kleur) VALUES ('', '', ). You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
and I cannot figure out what it means or what to do next.
Your <form action="welcome.php" method="post"> tells the form what URL to go to next and process. All your code for inserting into the DB is on index.php, not welcome.php. If you browse directly to index.php all of the $_POST fields will be empty because a form has not POSTed to it. You need to move your PHP code to welcome.php
welcome.php
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <link href="css/reset.css" rel="stylesheet">
    <link href="css/style.css" rel="stylesheet">
    <title>PHP</title>
</head>
<body>
<div class= "welcome-message">
<?php
//check the form was filled out correctly and you have the expected values
//(isset() has to cover every field, not only the first one)
if (isset($_POST['name'], $_POST['lastname'], $_POST['favcolor']))
{
    //....
    //Your PHP code to insert into DB
    //....

    //escape the submitted values before echoing them into HTML or an attribute
    $name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
    $lastName = htmlspecialchars($_POST['lastname'], ENT_QUOTES, 'UTF-8');
    $favColor = htmlspecialchars($_POST['favcolor'], ENT_QUOTES, 'UTF-8');
?>
    <h1>Welcome <?php echo $name; ?> <?php echo $lastName; ?> !<br> </h1>
    <h2>Leuk dat je er bent!</h2>
    <h3>Wouw, mijn favoriete kleur is ook <?php echo $favColor; ?> !</h3>
    <?php echo '<body style="background-color: ' . $favColor . '">'; ?>
<?php
}
else
{ ?>
    <h1>Form was not filled out properly</h1>
<?php } ?>
</div>
</body>
</html>
Also, please do take note about the SQL Injection vulnerabilities that several others have mentioned. Using values directly from form inputs to a SQL query is dangerous. The proper way to do this is with Prepared Statements.
<?php
// only touch the database when the form was actually POSTed with every field
if (isset($_POST['name'], $_POST['lastname'], $_POST['favcolor'])) {
    $name = $_POST['name'];
    $lastName = $_POST['lastname'];
    $favColor = $_POST['favcolor'];
    // server settings
    $servername = "localhost";
    $username = "root";
    $password = "root";
    $dbname = "bezoeker";
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } else {
        echo 'connection succesfull';
    }
    //add to database: the values are bound as parameters, not pasted into the SQL text
    $sql = "INSERT INTO formulier (naam, achternaam, kleur) VALUES (?, ?, ?)";
    $stmt = $conn->prepare($sql);
    //database addition confirmation
    if ($stmt && $stmt->bind_param("sss", $name, $lastName, $favColor) && $stmt->execute()) {
        echo "Records inserted successfully.";
    } else {
        echo "ERROR: Could not able to execute $sql. " . ($stmt ? $stmt->error : $conn->error);
    }
    // Close connection
    $conn->close();
}
include 'template-parts/header.php';
include 'template-parts/main.php';
include 'template-parts/footer.php';
?>
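The difference between the string-built query in the question and the prepared statements the answer recommends, as an added example that is not code from the original post. It uses PDO with an in-memory SQLite database instead of mysqli and MySQL (an assumption, so it runs without a server), and the sample submission is constructed: the concatenated insert fails on the apostrophe, while the prepared one stores the surname unchanged.

```php
<?php
// Added example, not from the original post. PDO with in-memory SQLite is an
// assumption made here so the comparison runs without a MySQL server.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE formulier (naam TEXT, achternaam TEXT, kleur TEXT)');
    return $db;
}

// The question's pattern: form values pasted into the SQL text (all quoted here).
function insert_concatenated(PDO $db, array $post): bool {
    $sql = "INSERT INTO formulier (naam, achternaam, kleur) VALUES "
         . "('{$post['name']}', '{$post['lastname']}', '{$post['favcolor']}')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the input changed the shape of the statement
    }
}

// Hardened: validate the fields, then bind them as parameters.
function insert_prepared(PDO $db, array $post): bool {
    foreach (['name', 'lastname', 'favcolor'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || $post[$key] === '') {
            return false;
        }
    }
    // <input type="color"> submits #rrggbb; reject anything else.
    if (!preg_match('/^#[0-9a-fA-F]{6}\z/', $post['favcolor'])) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO formulier (naam, achternaam, kleur) VALUES (?, ?, ?)');
    return $stmt->execute([$post['name'], $post['lastname'], $post['favcolor']]);
}

// Constructed sample submission: an ordinary surname containing an apostrophe.
$post = ['name' => 'Anna', 'lastname' => "O'Neill", 'favcolor' => '#ff0000'];
$db = make_db();
var_dump(insert_concatenated($db, $post));
var_dump(insert_prepared($db, $post));
var_dump($db->query('SELECT achternaam FROM formulier')->fetchColumn());
```

With mysqli the same `?` placeholders are used through `prepare()`, `bind_param()` and `execute()`.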