我在将数据插入数据库表时遇到问题。我已经检查了从表字段到表单字段的所有内容。一切正常,甚至 print_r 打印结果,但数据未插入数据库。它返回空结果集。 我的表单代码
<?php include('header.php'); ?>
<div class="page container">
<div class="row col-12 register-page">
<form class="form-horizontal" role="form" action="register-process.php" method="post">
<div class="form-group">
<label for="firstname" class="col-sm-2 control-label">First Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="firstname" name="firstname"
placeholder="Enter First Name">
</div>
</div>
<div class="form-group">
<label for="lastname" class="col-sm-2 control-label">Last Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="lastname" name="lastname"
placeholder="Enter Last Name">
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="email" name="email"
placeholder="Enter Your Email">
</div>
</div>
<div class="form-group">
<label for="password" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="password" name="password"
placeholder="Enter your password">
</div>
</div>
<div class="form-group">
<label for="confirm-password" class="col-sm-2 control-label">Confirm Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="cpassword" name="cpassword"
placeholder="Confirm password">
</div>
</div>
<div class="form-group">
<label for="birth-year" class="col-sm-2 control-label">Birth Year</label>
<div class="col-sm-10">
<select id="year" class="birth-year" name="birth-year">
<?php
for($i = 1970; $i < date("Y")+1; $i++){
echo '<option value="'.$i.'">'.$i.'</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="gender" class="col-sm-2 control-label register-gender">Gender</label>
<div class="col-sm-10">
<select id="registration_gender" class="select-register " required="required" name="gender">
<option selected="selected" value="">Gender</option>
<option value="_UE_M">Male</option>
<option value="_UE_MRS">Female</option>
</select>
</div>
</div>
<div class="form-group form-action">
<div class="form-action">
<input type="submit" name="submit" class="btn btn-large btn-primary" value="Lets Get Started" >
</div>
</div>
</form>
</div>
</div>
和我的注册过程代码
<div class="page container">
<div class="row col-12 register-page">
<?php
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$cpassword = md5($_POST['cpassword']);
$birthyear = $_POST['birth-year'];
$gender = $_POST['gender'];
if($fname && $lname && $email && $password && $cpassword){
if($password == $cpassword){
include("config.php");
$insert = 'INSERT INTO users(firstname,lastname,email,password,birth-year,gender)
VALUES("'.$fname.'","'.$lname.'","'.$email.'","'.$password.'","'.$birthyear.'","'.$gender.'")';
mysql_query($insert);
echo "registered successfully";
}
else{
header("Location: register.php");
echo "your password do not match.";
}
}
else{
echo "complete the form please.";
header("Location: register.php");
}
?>
</div>
</div>
最佳答案
线路
if($fname && $lname && $email && $password && $cpassword){
正在检查这些值是否为真,但事实并非如此。与此相关的 PHP 代码将导致 SQL 注入(inject),因为您没有验证表单中输入的值。查看转义 SQL 并删除 HTML 实体。
在 $_POST 变量上使用函数 isset(),这样您就可以验证表单是否已正确填写。一旦您对表单填写正确感到满意,SQL 转义并将 html 实体删除到本地变量中,然后使用它们插入到 SQL 中。
关于php - 提交表单数据到数据库表,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26481665/