[英]PHP/MySQL insert form
进入网页后,即使您不提交,它也会进入SQL表,进入网页后,它立即向SQL表发送空白,这是HTML表单和PHP表单的代码。
<form name="" method="POST" action="">
<input class="" type="text" name="a1" id="a1" class="placeholder" placeholder="Enter the FRATERNITY Name">
<input class="" type="text" name="a2" id="a2" class="placeholder" placeholder="Enter YOUR Name">
<style>
<?php
$host="";
$username="";
$password="";
$database_name="";
$table_name="";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$database_name")or die("cannot select DB");
$a1=$_POST['a1'];
$a2=$_POST['a2'];
$sql="INSERT INTO $table_name(groupname, founder)VALUES('$a1', '$a2')";
$result=mysql_query($sql);
if($result){
echo "Group $a1 Has Been Created";
}
else {
echo "ERROR";
}
?>
<?php
// close connection
mysql_close();
?>
如果是邮寄请求,则需要对其进行检查,然后仅执行您的代码。 见下文:
if($_SERVER['REQUEST_METHOD'] == "POST"){
$host="";
$username="";
$password="";
$database_name="";
$table_name="";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$database_name")or die("cannot select DB");
$a1=mysql_real_escape_string($_POST['a1']);
$a2=mysql_real_escape_string($_POST['a2']);
$sql="INSERT INTO $table_name(groupname, founder)VALUES('$a1', '$a2')";
$result=mysql_query($sql);
if($result){
echo "Group $a1 Has Been Created";
}
else {
echo "ERROR";
}
?>
<?php
// close connection
mysql_close();
}
请注意,您的代码本身容易受到SQL注入攻击的攻击。 我未污染这两个输入字符串以防止这种情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.