stackoom
  简体   繁体   中英

PHP to MySQL Code problems

 原文  2013-12-07 21:34:56       php/ html/ mysql/ database/ forms

Question

I know there a lot of questions on MySQL and PHP but I can't seem to find an answer simple enough for me to understand what to do and why.

Here is my form script 

<form name="tickets" action="tickets98829849.php" method="get">
First Name: <input type="text" name="firstname"><br>
Last Name: <input type="text" name="lastname"><br><br>
Number of Tickets: <input type="text" name="quant"><br><br>
First and Last Name of Date: <input type="text" name="date"><br>
Date a guest? <input type="checkbox" name="guest" value="Yes">Yes<br><br>
Amount paid per ticket: <br><br>
$<input type="text" name="amount" size="2"><br>
<br><input type="submit" value="Submit"></form>

and here is my PHP script 

    <?php

define('DB_NAME', 'ticketpurch');
define('DB_USER', 'dbuser');
define('DB_PASSWORD', 'dbpsswd');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD)

if (!$link) {
die('Could not connect: ' . mysqlerror());
}
$db_selectd = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysqlerror());
}

$value1 = $_POST['firstname']
$value2 = $_POST['lastname']
$value3 = $_POST['quant']
$value4 = $_POST['datename']
$value5 = $_POST['guest']
$value6 = $_POST['amount']

$sql = "INSERT INTO $table ticketpurch (firstname, lastname, quant, datename, guest, amount) VALUES ('$value1', '$value2', '$value3', '$value4', '$value5', '$value6')";
$result = mysql_query($sql)

if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}

mysql_close();
>

When I use the form, the data does not get entered into the table. I do not get an error message. What is wrong with it for not letting me access the table and insert data? I am very new to php, so

4 answers

solution1
 1  2013-12-07 21:45:06

Your form's submit method is get but you receive post method. Change it.

solution2
 0  2013-12-07 21:45:07

In form you mention method="get" change it to method="post"

It will work :)

solution3
 0  2013-12-07 21:59:54

Remove the $table from the statement. I'm assuming the correct table is ticketpurch, so all you did with $table was confuse the database. In addition, the other answers are also correct. Your form's method is "get," yet you're using $_POST to try to get the data. You should change the form to post, because get is incredibly insecure, especially if this involves purchases.

In addition, you're using deprecated functions like mysql_connect. Instead, use the PDO object. Instead of mysql_connect(), try this: 

$table = "mytable";
$sql = new PDO;
$sql->__construct(DB_NAME, DB_USER, DB_PASS);
$stmnt = $sql->prepare("INSERT INTO ticketpurch (firstname, lastname, quant, datename, guest, amount) VALUES ('$value1', '$value2', '$value3', '$value4', '$value5', '$value6')";
$sql->execute($stmnt);

That will ensure that your statements are better secured against SQL injection.

Hope that helped.

solution4
 0  2013-12-09 07:15:33

Try Like this.

HTML CODE 

<form name="tickets" action="tickets98829849.php" method="post">
First Name: <input type="text" name="firstname"><br>
Last Name: <input type="text" name="lastname"><br><br>
Number of Tickets: <input type="text" name="quant"><br><br>
First and Last Name of Date: <input type="text" name="date"><br>
Date a guest? <input type="checkbox" name="guest" value="Yes">Yes<br><br>
Amount paid per ticket: <br><br>
$<input type="text" name="amount" size="2"><br>
<br><input type="submit" value="Submit"></form>

tickets98829849.php code 

<?php

define('DB_NAME', 'ticketpurch');
define('DB_USER', 'dbuser');
define('DB_PASSWORD', 'dbpsswd');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD)

if (!$link) {
die('Could not connect: ' . mysqlerror());
}
$db_selectd = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysqlerror());
}

$value1 = $_POST['firstname']
$value2 = $_POST['lastname']
$value3 = $_POST['quant']
$value4 = $_POST['datename']
$value5 = $_POST['guest']
$value6 = $_POST['amount']

$sql = "INSERT INTO $table ticketpurch (firstname, lastname, quant, datename, guest, amount) VALUES ('$value1', '$value2', '$value3', '$value4', '$value5', '$value6')";
$result = mysql_query($sql)

if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}

mysql_close();
>

If you use method="get" in the form ,then receive html values using $_GET['html element name'] ;.But for security purpose ,we generally use method="post" in html code and receive value in action page using $_POST[]; .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question having problems to execute a PHP code with simple mySQL query mySQL problems with this code? PHP and MySQL Output Problems php mysql problems PHP/MySQL - AND/OR problems MySQL and PHP unicode problems Mysql and PHP Update Problems php mysql authentication problems PHP/MySQL with encoding problems PHP + MySQL problems :(
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM