[英]Insert query to insert into a MySQL database does not work. (PHP)
I'm trying to insert values from a form and insert it onto a MySQL database. 我正在尝试从表单中插入值并将其插入到MySQL数据库中。 But it does not work.
但这行不通。 I'm a beginner,please help.
我是初学者,请帮忙。
Here is my Code: 这是我的代码:
<?php
function register(){
$name = $_POST['name'];
$address = $_POST['address'];
$email = $_POST['email'];
$phone = $_POST['phone'];
//echo $name;
$con = mysqli_connect("localhost", "root", "", "LinuxCreditSociety");
$rs = $con->query("insert into cust_mst (customer_id,customer_name,customer_address,customer_mobile,email_id)values(1003,'$name','$address','$phone','$email')");
$rs->free();
$con->close();
}
?>
<html>
<head>
<title>Registration</title>
<link rel="stylesheet" type="text/css" href="phpcss.css"></link>
</head>
<body>
<div style="position:absolute;left:300px;top:5px">
<h1 align="center"><font face="Purisa" size="20" color="purple">Linux Credit Society</font></h1>
</div>
<div style="position:absolute;right:160px;top:5px"><img src="linux.jpg" height="150" /></div>
<div style="position:absolute;left:140px;top:5px"><img src="linux.jpg" height="150" /></div>
<form method="post">
<div class="st1">
Name:</br></br>
Address:</br></br>
Email-id:</br></br>
Phone#:</br></br>
</div>
<div class="st2">
<div style="position:absolute;top:5px">
<input type="text" name="name">
</div>
<div style="position:absolute;top:78px">
<input type="text" name="address">
</div>
<div style="position:absolute;top:148px">
<input type="text" name="email">
</div>
<div style="position:absolute;top:218px">
<input type="text" name="phone">
</div>
<div style="position:absolute;top:290px;">
<input type="submit" value="Register">
</div>
</div>
</form>
<div style="position:absolute;top:320px;">
<?php
if(isset($_POST['submit']) && $_POST['submit'] == "Register")
register();
?>
</div>
</body>
</html>
And this is how I have created my database: 这就是我创建数据库的方式:
create database LinuxCreditSociety;
use LinuxCreditSociety;
create table cust_mst(
customer_id int,
customer_name varchar(50),
customer_address varchar(70),
customer_mobile double,
email_id varchar(50));
insert into cust_mst values(1001, 'Jack Mathew', 'Bandra', '9998887770', 'jackm@yahoo.com');
insert into cust_mst values(1002, 'Jill Roberts', 'Dadar', '999665550', 'jillr@rediff.com');
EDIT: 编辑:
Guys I just made one change and it worked thankyou.Now I will work on Injections as well!! 伙计们,我只是做了一个更改,就可以了,谢谢了,现在我也将进行注射!
Here is what I did: 这是我所做的:
I just changed the call from -> 我刚从->更改了通话
<?php
if(isset($_POST['submit']) && $_POST['submit'] == "Register")
register();
?>
to this -> 对此->
<?php
if(isset($_POST['name']) && $_POST['name'] != "")
register();
?>
Surely you want this the other way around: 当然,您需要这样做:
$_POST[name] = $name;
$_POST[address] = $address;
$_POST[email] = $email;
$_POST[phone] = $phone;
eg: 例如:
$name = $_POST['name'];
$address = $_POST['address'];
$email = $_POST['email'];
$phone = $_POST['phone'];
I assume your data is coming from $_POST
. 我假设您的数据来自
$_POST
。 Change 更改
$_POST[name] = $name;
$_POST[address] = $address;
$_POST[email] = $email;
$_POST[phone] = $phone;
Into 进入
$name = $con->real_escape_string($_POST['name']);
$address = $con->real_escape_string($_POST['address']);
$email = $con->real_escape_string($_POST['email']);
$phone = $con->real_escape_string($_POST['phone']);
Note the use of mysqli_real_escape_string()
in order to prevent SQL injections . 注意使用
mysqli_real_escape_string()
来防止SQL注入 。 Also, since you're already using the mysqli
extension, consider building prepared statements rather than interpolating variables into the query string. 另外,由于您已经在使用
mysqli
扩展,因此请考虑构建准备好的语句,而不是将变量插值到查询字符串中。
Last side note: to prevent error notices like "Use of undefined constant name - assumed 'name' in /your/script", access array keys using strings (ie $_POST['name']
instead of $_POST[name]
). 最后一点:为了防止出现类似“使用未定义的常量名称-在/ your / script中假定为'name'之类的错误提示,请使用字符串访问数组键(即
$_POST['name']
而不是$_POST[name]
)。
Try this, but dont forget to sanitize your variables !!! 试试这个,但是别忘了清理变量!
function register(){
$name = $_POST['name'];
$address = $_POST['address'];
$phone = $_POST['email'];
$email = $_POST['phone'];
$con = new mysqli("localhost", "root", "", "LinuxCreditSociety");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
if (!$con->query("insert into cust_mst (customer_id,customer_name,customer_address,customer_mobile,email_id)values(NULL,'$name','$address','$phone','$email')")) {
printf("Errormessage: %s\n", $con->error);
}
$con->close();
}
function register(){
$name = $_POST['name'];
$address = $_POST['address'];
$phone = $_POST['email'];
$email = $_POST['phone'];
$con = mysqli_connect("localhost", "root", "", "LinuxCreditSociety");
$rs = $con->query("insert into cust_mst (customer_id,customer_name,customer_address,customer_mobile,email_id)values(NULL,'{$name}','{$address}','{$phone}','{$email}')");
$rs->free();
$con->close();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.