php - 表格显示已发送,但数据库中没有显示任何数据

标签 php html mysql database

我是 PHP 新手,但仍在努力理解它。该表单表示数据已发送到数据库,但是当我查看数据库为空时,没有显示任何错误?我的代码有问题吗?

注意:据我了解,此表单不受 SQL 注入(inject)保护。

<小时/>

HTML

<小时/> 
<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
    <head>
        <title>Page Form</title>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        <div class="container">
            <div class="main">
                <h2>PHP Page 3 Form</h2><hr/>
                <span id="error">

                </span>
                <form action="page4_insertdata.php" method="post">

                    <label>Company Name :<span>*</span></label><br />
                    <input name="company_name" type="text" placeholder="Joes Cleaner" required>
                    <br />

                    <label>Ref :<span>*</span></label><br />
                    <input name="ref" type="text" placeholder="H123" required>
                    <br />

                    <label>Website :<span>*</span></label><br />
                    <input name="website" type="text" placeholder="www.google.com" required>
                    <br />

                    <label>Email :<span>*</span></label><br />
                    <input name="email" type="email" placeholder="Joescleaners@gmail.com" required>
                    <br />

                    <label>Telephone :<span>*</span></label><br />
                    <input name="tel" type="text" placeholder="07123456789" required>
                    <br />

                    <label>Message :<span>*</span></label><br />
                    <input name="message" id="message" type="text" size="500" required>
                    <br />



                    <input  type="reset" value="Reset" />
                    <input name="submit" type="submit" value="Submit" />

                </form>
            </div>

        </div>
    </body>
</html>
<小时/>

PHP

<小时/> 
<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
    <head>
        <title>PHP Multi Page Form</title>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        <div class="container">
            <div class="main">
                <h2>PHP Multi Page Form</h2><hr/>

                <?php

                            $servername = "localhost";
                            $db_database = 'form';
                            $username = "root";
                            $password = "";

                            // Create connection
                            $conn = new mysqli($servername, $username, $password);

                            // Check connection
                            if ($conn->connect_error) {
                                die("Connection failed: " . $conn->connect_error);
                            } 
                            echo "DB Connected successfully. ";


                            $company_name = $_POST['company_name'];
                            $ref = $_POST['ref'];
                            $website = $_POST['website'];
                            $email = $_POST['email'];
                            $tel = $_POST['tel'];
                            $message = $_POST['message'];


                            $sql = "INSERT INTO detail (company_name,ref,website,email,tel,message) 
                            VALUES ('$company_name','$ref','$website','$email','$tel','$message')";

                            if($sql){
                            echo " Database Sent.";
                            }
                            else {
                            echo "ERROR to insert into database";
                            };
                ?>
            </div>

        </div>
    </body>
</html>

最佳答案

更改以下代码:

if($sql){
echo " Database Sent.";
}
else {
echo "ERROR to insert into database";
};

致:

$result = $conn->query($sql);
if($result){
    echo " Database Sent.";
}
else {
    echo "ERROR to insert into database";
};

这样您实际上正在执行查询并检查查询失败...

为了使您的查询更安全,请尝试以下操作:

$sql = "
    INSERT INTO detail (
        company_name,
        ref,
        website,
        email,
        tel,
        message
    ) 
    VALUES (
        '" . mysqli_real_escape_string($company_name) . "',
        '" . mysqli_real_escape_string($ref) . "',
        '" . mysqli_real_escape_string($website) . "',
        '" . mysqli_real_escape_string($email) . "',
        '" . mysqli_real_escape_string($tel) . "',
        '" . mysqli_real_escape_string($message) . "'
    )";

更好的是,通过将 $sql 实例化和查询执行 ($conn->query()) 替换为以下内容来使用参数绑定(bind):

$stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param('ssssss', $company_name, $ref, $website, $email, $tel, $message);
$stmt->execute();

您可以通过访问 PHP: mysqli_stmt::bind_param - Manual 来阅读 mysqli 的绑定(bind)参数。

完整代码:

<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
    <head>
        <title>PHP Multi Page Form</title>
        <link rel="stylesheet" href="style.css" />
    </head>
    <body>
        <div class="container">
            <div class="main">
                <h2>PHP Multi Page Form</h2><hr/>

                <?php

                            $servername = "localhost";
                            $db_database = 'form';
                            $username = "root";
                            $password = "";

                            // Create connection
                            $conn = new mysqli($servername, $username, $password, $db_database);

                            // Check connection
                            if ($conn->connect_error) {
                                die("Connection failed: " . $conn->connect_error);
                            } 
                            echo "DB Connected successfully. ";

                            $stmt = $conn->prepare("INSERT INTO detail (company_name,ref,website,email,tel,message) VALUES (?, ?, ?, ?, ?, ?)");
                            $stmt->bind_param('ssssss', 
                                $_REQUEST['company_name'],
                                $_REQUEST['ref'],
                                $_REQUEST['website'],
                                $_REQUEST['email'],
                                $_REQUEST['tel'],
                                $_REQUEST['message']
                            );

                            if($stmt->execute()) {
                                echo " Database Sent.";
                            } else {
                                echo "ERROR to insert into database: " . $stmt->error;
                            };
                ?>
            </div>

        </div>
    </body>
</html>

关于php - 表格显示已发送,但数据库中没有显示任何数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27298571/

上一篇:mysql - 如何为特定项目创建计数列

下一篇:php - 如何检查用户名和密码是否与数据库匹配

相关文章:

javascript - ajax请求成功但看不到我的数据

javascript - 如何将 <tr> 插入到 <table> 中(使用 PHP)

javascript - JS中的动画不会移动

javascript - 在图标状态更改时更改图像 :Jquery

mysql - 如何将 3 个查询合并为 1 个

php - 在 PHP 中使用 "this"和 "self"

javascript - jquery .val() 返回未定义

javascript - $(window).height() 值在 Firefox 22.0 中是常量

PHP 根据 <selection> 中的选定选项检索 mysql 存储的字符数据返回错误的字符

mysql - Mysql中Group By和Order By的使用

©2024 IT工具网  联系我们