为什么我的表单没有用PHP发布？

Question

I am using a simple form and submitting my textbox values to database,

<body>

<?php 

if(isset($_POST["submit"]))
$des="Insert into enquiry(Companyname,Name,Phno,Email,Address,Comments) values 
  ('".$_POST[txtcompname]."','".$_POST[txtname]."','".$_POST[txtphno]."',
'".$_POST[txtemail]."','".$_POST[txtaddress]."','".$_POST[txtcomments]."')";
$res1=mysql_query($des);

?>

<div align="left">
<form action="" method="post">

But it doesn't seem to get submitted? Any suggestion

When i use print_r($_POST); i get

Array ( [txtcompname] => xv [txtname] => xcv [txtphno] => xcvx [txtemail] => xcv [txtaddresss] => xcv [txtcomments] => xcvxcv [submit] => submit ) 

and i get this error now,

You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'Address,Comments) 
values ('zdc','sadcv','zdsv', 'sdcv','sdvcsdv','sdcv')' at line 2

Answer 1

There are several potential problems here, but I'd need to see your whole script to give you a definitive answer.

Questions you should be asking - is $_POST['submit'] set? Print something to output inside the if to find out. Is your submit button value "Submit" rather than "submit" for example.

You should also try looking at mysql_error() to see if the DB is rejecting your query. Are your field names correct for example?

Lastly, $_POST[txtcompname] should be $_POST['txtcompname'] and your other $_POST vars also need quotes round the form field names. Depending on your version and configuration of PHP you might get away with this, but it's bad practice. Without the quotes PHP interprets txtcompname as a constant (as defined by define()). By default that may be set to the string txtcompname, so it might work, but you shouldn't rely on it.

Also, if this is a public facing site, you're setting yourself up for SQL injection problems since you've not escaped or otherwise sanitised your input. If your input has ' characters in it your query will break.

Answer 2

i found a few mistakes in your code just by regarding it... make sure you have all warning on so you could see them

1) Brackets after the if, or else only the assignation of the $des variable will be executed when the form is submitted

2) $_POST is an array.. you need the quotes $_POST['txtcompname']

finally make sure that the submit input has name="submit" ,although i think it's better to evaluate the submit by using if !empty($_POST)

good luck

Answer 3

1. Check if Form got submitted
2. Debug the submitted Data (print)
3. Validate // Sanitize the Data
4. Build the Query Debug it (print)
5. Push the Query to the Database
6. Print error (if there is one)

If done so you have had seen that there is missing a space between enquiry and (Companyname

function debug($var, $label = '') {
    echo $label
        . '<pre>'
        . print_r($var, true)
        . '</pre>';
}

if (array_key_exists('submit', $_POST)) {
    debug($_POST, '_POST');
    $_dbCompany = mysql_real_escape_string($_POST['txtcompname']);
    $_dbName        = mysql_real_escape_string($_POST['txtname']);
    $_dbPhone       = mysql_real_escape_string($_POST['txtphno']);
    $_dbEmail       = mysql_real_escape_string($_POST['txtemail']);
    $_dbAdress      = mysql_real_escape_string($_POST['txtaddress']);
    $_dbComments    = mysql_real_escape_string($_POST['txtcomments']);

    $_prepareSQL = "INSERT INTO 
        enquiry (Companyname,Name,Phno,Email,Address,Comments) 
        VALUES ('%s', '%s', '%s', '%s', '%s', '%s')";
    $statement = sprintf($_prepareSQL, $_dbCompany, $_dbName, $_dbPhone, $_dbEmail, $_dbAdress, $_dbComments);
    debug($statement, 'SQL-Query');

    $result = mysql_query($statement) || trigger_error(mysql_error(), E_USER_ERROR);
}

Answer 4

$_POST[txtcompname] and all the other variables should be quoted. Try with $_POST['txtcompname']. Also, do var_dump($_POST) and check if you have all the values that you are reffering to.