[英]Passing form data with PHP to MySQL database
我無法傳遞以下表單數據:
<form method="post" action="form.php" id="contact" enctype="multipart/form-data">
<fieldset>
<legend>Contact Us</legend>
<div id="conleft">
<label>First Name:</label><input type="text" name="firstName" required />
<label>Last Name:</label><input type="text" name="lastName" required />
<label>House/Flat No:</label><input type="text" name="houseNum" />
<label>Address:</label><input type="text" name="address" />
<label>Town/City:</label> <input type="text" name="city" />
<label>Postcode:</label> <input type="text" name="postcode" />
<label>Telephone:</label> <input type="tel" name="telephone" />
<label>Email:</label> <input type="email" name="email" required />
</div>
<div id="conright">
<label>Enquiry:</label><textarea name="description" rows="13" required ></textarea>
<label>Date:</label><input type="month" name="date" /><br /><br />
<input type="submit" name="submit" value="Send" />
<input type="reset" name="Reset" value="Reset" />
<input type="hidden" name="customerNo" />
<input type="hidden" name="enquiryNo" />
<input type="radio" name="type" value="customer" checked />
</div>
</fieldset>
</form>
使用以下PHP到MySQL數據庫
<?php
$con=mysqli_connect("localhost", "root", "myuser","mypass");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql1="INSERT INTO customers (NULL, firstName, lastName, houseNum, address, city, postcode, telephone, email, type)
VALUES ('$_POST[customerNo]','$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[telephone]', '$_POST[postcode]''$_POST[email]','$_POST[type]')";
mysqli_query($con,$sql1);
$sql2="INSERT INTO enquiry (NULL, customerNo, description, date)
VALUES ('$_POST[enquiryNo]','$_POST[customerNo]','$_POST[description]','$_POST[lastName]','$_POST[date]')";
mysqli_query($con,$sql2);
echo "<script language=javascript>window.location = 'thanks.html';</script>";
mysqli_close($con);
?>
通過在提交時顯示thank.html頁面,網頁就像表單數據一樣發送,但數據庫中沒有填充數據。 我設置了AUTO INCREMENT,PRIMARY和FOREIGN鍵,這是我嘗試傳遞值的方式嗎?
嘗試更改第一個查詢,如下所示:
$sql1="INSERT INTO customers (customerNo,firstName, lastName, houseNum, address, city, postcode, telephone, email, type)VALUES('{$_POST['customerNo']}','{$_POST['firstName']}','{$_POST['lastName']}','{$_POST['houseNum']}','{$_POST[address]}','{$_POST['city']}', '{$_POST['postcode']}','{$_POST['telephone']}','{$_POST['email']}','{$_POST['type']}')";
和第二個查詢是這樣的:
$sql2="INSERT INTO enquiry (enquiryNo,customerNo, description,lastname,date)VALUES('{$_POST['enquiryNo']}','{$_POST['customerNo']}','{$_POST['description']}','{$_POST['lastName']}','{$_POST['date']}')";
試試看,告訴我結果:)
首先,您需要檢查已發布的SQL注入輸入。
但是如果你這樣做,那么現在應該可行
$sql1="INSERT INTO customers (NULL, firstName, lastName, houseNum, address, city, postcode, telephone, email, type) VALUES ('". $_POST['customerNo'] ."','".$_POST['firstName'] ."','".$_POST['lastName'] ."','".$_POST['houseNum'] ."','". $_POST['address'] ."','". $_POST['city'] ."','". $_POST['telephone'] ."', '". $_POST['postcode'] ."','". $_POST['email'] ."','". $_POST['type'] ."')";
mysqli_query($con,$sql1) or die(print_r(mysqli_error()));
對於一個簡單的SQL注射清潔劑,我用它,
function scrubSQL($con,$string)
{
$string = htmlspecialchars(strip_tags(trim($string)));
$string = str_replace("'","",$string);
$string = mysqli_real_escape_string($con,$string);
return $string;
}
使用'".$_POST['customerNo']."'
而不是'$_POST[customerNo]'
等INSERT
命令中所有$_POST
值的類似內容
編輯1:
似乎customerNO
和enquiryNo
是自動增量列。 所以
$sql1="INSERT INTO customers (NULL, firstName, lastName, houseNum, address, city, postcode, telephone, email, type)
VALUES ('$_POST[customerNo]','$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[telephone]', '$_POST[postcode]''$_POST[email]','$_POST[type]')";
應該
$sql1="INSERT INTO customers (customerNo, firstName, lastName, houseNum, address, city, postcode, telephone, email, type)
VALUES (NULL,'$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[telephone]', '$_POST[postcode]''$_POST[email]','$_POST[type]')";
mysqli_query($con,$sql1);
$customerNO=mysql_insert_id();
接着
$sql2="INSERT INTO enquiry (NULL, customerNo, description, date)
VALUES ('$_POST[enquiryNo]','$_POST[customerNo]','$_POST[description]','$_POST[lastName]','$_POST[date]')";
應該
$sql2="INSERT INTO enquiry (enquiryNO, customerNo, description, date)
VALUES (NULL,'$customerNo','$_POST[description]','$_POST[lastName]','$_POST[date]')";
看起來你正試圖在NULL
列中插入一個值,這可能是ID或No列? 我假設您的主要密鑰是customerNo和enquiryNo,請嘗試以下代碼:
$sql1 = "INSERT INTO customers (firstName, lastName, houseNum, address, city, postcode, telephone, email, type) VALUES ('$_POST[firstName]','$_POST[lastName]','$_POST[houseNum]','$_POST[address]','$_POST[city]','$_POST[telephone]', '$_POST[postcode]''$_POST[email]','$_POST[type]')";
mysqli_query($con, $sql1) or die('Query 1 Failed: '.mysqli_error($con));
$customer_no = mysqli_insert_id($con);
$sql2 = "INSERT INTO enquiry (customerNo, description, date) VALUES ('$customerNo','$_POST[description]','$_POST[lastName]','$_POST[date]')";
mysqli_query($con, $sql2) or die('Query 2 Failed: '.mysqli_error($con));
要獲取新插入記錄的主鍵,可以使用mysqli_insert_id() 。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.