如何将用户输入从 HTML 文本表单发送到我的 SQL 数据库?
[英]How do I send user input from a HTML textform to my SQL database?
问题描述
We started working for the first time with PHP and my SQL .
我们第一次开始使用PHP和我的SQL 。
There are 2 pages the user can go to:有2个页面用户可以go到:
- The first page that opens had a form with 3 input fields: First name, Last name, your favorite color (hexcode color picker)打开的第一页有一个带有 3 个输入字段的表单:名字、姓氏、您最喜欢的颜色(十六进制代码颜色选择器)
- Once you filled in the info, you get send to the 2nd page where the text says "Welcome [first name] [Last name]. Nice to see you. Looks like you also like [color] huh?"填写信息后,您会被发送到第二页,其中的文字是“欢迎 [名字] [姓氏]。很高兴见到你。看起来你也喜欢 [颜色] 嗯?” and the color of the background changes to the color you have chosen.背景颜色变为您选择的颜色。
I have no issues POST-ing it, but I need to send this info to the SQL database and I cannot seem to figure out what to do next.我没有问题发布它,但我需要将此信息发送到 SQL 数据库,我似乎无法弄清楚下一步该做什么。
index.php index.php
<?php
// server settings
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "bezoeker";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} else {
echo 'connection succesfull';
}
$name = $_POST['name'];
$lastName = $_POST['lastname'];
$favColor = $_POST['favcolor'];
//add to database
$sql = "INSERT INTO formulier (naam, achternaam, kleur) VALUES ('$name', '$lastName', $favColor)";
//database addition confirmation
if(mysqli_query($conn, $sql)){
echo "Records inserted successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
// Close connection
$conn->close();
include 'template-parts/header.php';
include 'template-parts/main.php';
include 'template-parts/footer.php';
?>
Main.php Main.php
<main>
<center>
<form action="welcome.php" method="post">
Naam: <input type="text" name="name"><br>
Achternaam: <input type="text" name="lastname"><br>
Je favoriete kleur: <input type="color" name="favcolor" value="#ff0000">
<input type="submit">
</form>
</center>
</main>
Welcome.php欢迎光临。php
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link href="css/reset.css" rel="stylesheet">
<link href="css/style.css" rel="stylesheet">
<title>PHP</title>
</head>
<body>
<div class= "welcome-message">
<h1>Welcome <?php echo $_POST["name"]; ?> <?php echo $_POST["lastname"]; ?> !<br> </h1>
<h2>Leuk dat je er bent!</h2>
<h3>Wouw, mijn favoriete kleur is ook <?php echo $_POST["favcolor"]; ?> !</h3>
<?php echo '<body style="background-color: ' . $_POST['favcolor'] . '">'; ?>
</div>
</body>
</html>
My database Bezoeker has table called Formulier with the structure: naam , achternaam , kleur我的数据库Bezoeker有一个名为Formulier的表,其结构为: naam 、 achternaam 、 kleur
With the current code I get the error使用当前代码,我得到了错误
connection succesfullERROR: Could not able to execute INSERT INTO formulier (naam, achternaam, kleur) VALUES ('', '', ).
and I cannot figure out what it means or what to do next.我无法弄清楚这意味着什么或下一步该做什么。
2 个解决方案
解决方案1
2 已采纳 2019-11-19 19:51:25
Your <form action="welcome.php" method="post"> tells the form what URL to go to next and process.您的<form action="welcome.php" method="post">告诉表单 URL 到 go 的下一步和处理。 All your code for inserting into the DB is on index.php , not welcome.php .您插入数据库的所有代码都在index.php上,而不是welcome.php上。 If you browse directly to index.php all of the $_POST fields will be empty because a form has not POSTed to it.如果您直接浏览到index.php ,则所有 $_POST 字段都将为空,因为尚未向其发布表单。 You need to move your php code to welcome.php您需要将您的welcome.php代码移至 Welcome.php
welcome.php欢迎。php
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link href="css/reset.css" rel="stylesheet">
<link href="css/style.css" rel="stylesheet">
<title>PHP</title>
</head>
<body>
<div class= "welcome-message">
<?php
//check the form was filled out correctly and you have the expected values
if (isset ($_POST['name']) && ($_POST['lastname']) && ($_POST['favcolor']))
{
//....
//Your PHP code to insert into DB
//....
?>
<h1>Welcome <?php echo $_POST["name"]; ?> <?php echo $_POST["lastname"]; ?> !<br> </h1>
<h2>Leuk dat je er bent!</h2>
<h3>Wouw, mijn favoriete kleur is ook <?php echo $_POST["favcolor"]; ?> !</h3>
<?php echo '<body style="background-color: ' . $_POST['favcolor'] . '">'; ?>
<?php
}
else
{ ?>
<h1>Form was not filled out properly</h1>
<?php } ?>
</div>
</body>
</html>
Also, please do take note about the SQL Injection vulnerabilities that several others have mentioned.另外,请注意其他几个人提到的 SQL 注入漏洞。 Using values directly from form inputs to a SQL query is dangerous.将表单输入中的值直接用于 SQL 查询是危险的。 The proper way to do this is with Prepared Statements .正确的方法是使用Prepared Statements 。
解决方案2
-1 2019-11-19 15:20:34
<?php
if (isset ($_POST['name']) && ($_POST['lastname'])) {
$name = $_POST['name'];
$lastName = $_POST['lastname'];
$favColor = $_POST['favcolor'];
// server settings
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "bezoeker";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} else {
echo 'connection succesfull';
}
//add to database
$sql = "INSERT INTO formulier (naam, achternaam, kleur) VALUES ($name, $lastName, $favColor)";
//database addition confirmation
if(mysqli_query($conn, $sql)){
echo "Records inserted successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
// Close connection
$conn->close();
}
include 'template-parts/header.php';
include 'template-parts/main.php';
include 'template-parts/footer.php';
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.