javascript - 多个值在 js ajax 中不起作用

Question

我正在尝试使用 js ajax 在数据库中插入多个数据，但它不起作用，当我尝试仅插入一个数据时，它成功地工作

这是我的indexa.php

 <html>
  <head>

<script type="text/javascript">
    function insert() {
        if (window.XMLHttpRequest) {
            xmlhttp = new XMLHttpRequest();
        } else{
            xmlhttp = new ActionXObject('Microsoft.XMLHTTP');
        }
        xmlhttp.onreadystatechange = function() {
            if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                document.getElementById('success_failed_msg').innerHTML = xmlhttp.responseText;
            } else {
                console.log("faliled");
            }
        }

        parameters = 'first_name='+document.getElementById('firstName').value;
        console.log(parameters);
        xmlhttp.open('POST','insert.inc.php',true);
        xmlhttp.setRequestHeader('Content-type','application/x-www-form-urlencoded');
        xmlhttp.send(parameters);
    }
</script>


  </head>
 <body>
      First Name : <input type="text" id="firstName"><br/><br/>
      Last Name : <input type="text" id="lastName"><br/><br/>
      Username : <input type="text" id="userName"><br/><br/>
    Password : <input type="password" id="password"><br/><br/>  
    Re-type Password : <input type="password" id="retypePassword"><br/><br/>        
    <input type="button" value="Submit" onclick="insert()">
<div id="success_failed_msg"></div>
 </body>
 </html>

我的 include.inc.php

    if (isset($_POST['first_name'])) {
$firstname = $_POST['first_name'];


    if (!empty($firstname)) {

    $insert_select = "INSERT INTO ajax_member_data(`first_name`) VALUES('".mysqli_real_escape_string($db_connect,$firstname)."')";

    if ($insert_query_run = mysqli_query($db_connect,$insert_select)) {
        echo 'Data inserted successfully';
    } else {
        echo 'Failed';
    }

     } else {
    echo 'Please enter the value';
     }
  }

当我尝试这个脚本时

    <script type="text/javascript">
        function insert() {
           if (window.XMLHttpRequest) {
            xmlhttp = new XMLHttpRequest();
        } else{
            xmlhttp = new ActionXObject('Microsoft.XMLHTTP');
        }
        xmlhttp.onreadystatechange = function() {
            if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                document.getElementById('success_failed_msg').innerHTML = xmlhttp.responseText;
            } else {
                console.log("faliled");
            }
        }

        parameters = 'first_name='+document.getElementById('firstName').value'&last_name='+document.getElementById('lastName').value'&username='+document.getElementById('userName').value'&password='+document.getElementById('password').value'&retype_password='+document.getElementById('retypePassword').value;
        console.log(parameters);
        xmlhttp.open('POST','insert.inc.php',true);
        xmlhttp.setRequestHeader('Content-type','application/x-www-form-urlencoded');
        xmlhttp.send(parameters);
    }
</script>

我的 include.inc.php

    if (isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['retype_password'])) {
    $firstname = $_POST['first_name'];
    $lastname = $_POST['last_name'];
   $usrname = $_POST['username'];
    $password = $_POST['password'];
    $retype_password = $_POST['retype_password'];

       if (!empty($firstname) && !empty($lastname) && !empty($usrname) && !empty($password) && !empty($retype_password)) {

    $insert_select = "INSERT INTO ajax_member_data(`first_name`,`last_name`,`user_name`,`password`) VALUES('".mysqli_real_escape_string($db_connect,$firstname)."', '".mysqli_real_escape_string($db_connect,$lastname)."', '".mysqli_real_escape_string($db_connect,$usrname)."', '".mysqli_real_escape_string($db_connect,$password)."')";

    if ($insert_query_run = mysqli_query($db_connect,$insert_select)) {
        echo 'Data inserted successfully';
    } else {
        echo 'Failed';
       }

     } else {
        echo 'Please enter the value';
    }
}   

Answer 1

你没有正确地连接。看这里，

parameters = 'first_name='+document.getElementById('firstName').value'&last_name='+document.getElementById('lastName').value'&username='+document.getElementById('userName').value'&password='+document.getElementById('password').value'&retype_password='+document.getElementById('retypePassword').value;
                                                                     ^ missing +                                            ^ missing +                                           ^ missing +                                           ^ missing +

应该是，

parameters = 'first_name='+document.getElementById('firstName').value+'&last_name='+document.getElementById('lastName').value+'&username='+document.getElementById('userName').value+'&password='+document.getElementById('password').value+'&retype_password='+document.getElementById('retypePassword').value;

---

旁注:了解 prepared statements因为现在您的查询容易受到 SQL 注入(inject)的影响。另见 how you can prevent SQL injection in PHP .