[英]PHP Mysql submit form
我正在尝试使用php从html表单提交数据到sql数据库。 它完成了第5部分,但除自动递增的userID之外,似乎没有任何表行中的任何实际数据。 此代码是否也免受SQL注入的保护? 另外,将日期戳输入到SQL数据库的最佳方法是什么? 例如ClientSince字段。
这是我的clientsubmit.php
<?php
// Create connection
echo "Made it! Part 1";
$con=mysqli_connect("xxx","xxx","xxx","xxx");
echo "Made it! Part 2";
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$txtNam = mysql_real_escape_string($_POST["name"]);
$txtEmail = mysql_real_escape_string($_POST["email"]);
$txtSlots = mysql_real_escape_string($_POST["slotcount"]);
$txtSecurity = mysql_real_escape_string($_POST["passcode"]);
echo "Made it! Part 3";
$sql = "INSERT INTO accounts (name, email, slotCount, securityCode) Values('$txtNam','$txtEmail','$txtSlots','$txtSecurity')";
echo "Made it! Part 4";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Made it! Part 5";
mysqli_close($con);
?>
这是我的表格:
<form name="form" class="form" action="clientsubmit.php" method="post">
<input type="text" name="sum2" readonly hidden="true" onChange="updatesum()" value="1.5"/><br>
Ingame Name: <input type="text" name="name" class="txtbox" /><br><br>
Email Address: <input type="text" name="email" class="txtbox" /><br><br>
Passcode: <input type="text" name="passcode" class="txtbox2" /><br><br>
Slot Count: <input type="text" name="slotcount" onChange="updatesum()" class="txtbox2" value="10"/><br><br>
Per Month: <input name="sum" readonly class="txtboxtotal" style="border: 0px;" value="15"> Million<br><br>
<input type="submit">
</form>
添加了以下内容:
echo "Made it here! 3 ";
echo " ";
echo $txtNam;
echo " ";
echo $txtEmail;
echo " ";
echo $txtSlots;
echo " ";
echo $txtSecurity;
echo " ";
似乎变量在提交到数据库之前没有保存任何数据。
在你们的帮助下工作了,下面是完成的代码:
<?php
// Create connection
$con=mysqli_connect("xxxx","xxxx","xxxx","xxxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
die();
}
$txtNam = mysqli_real_escape_string($con, $_POST["name"]);
$txtEmail = mysqli_real_escape_string($con, $_POST["email"]);
$txtSlots = mysqli_real_escape_string($con, $_POST["slotcount"]);
$txtSecurity = mysqli_real_escape_string($con, $_POST["passcode"]);
$sql = "INSERT INTO accounts (name, email, slotCount, securityCode) Values('$txtNam','$txtEmail','$txtSlots','$txtSecurity')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
?>
问题是您正在使用mysql_real_escape_string()
和mysqli_*()
将mysql_real_escape_string()
更改为mysqli_real_escape_string()
$txtNam = mysqli_real_escape_string($con, $_POST["name"]);
$txtEmail = mysqli_real_escape_string($con,$_POST["email"]);
$txtSlots = mysqli_real_escape_string($con,$_POST["slotcount"]);
$txtSecurity = mysqli_real_escape_string($con,$_POST["passcode"]);
你上面提到submit.php
,你在投递表单clientsubmit.php
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.