从Form中插入数据库而不插入但不产生错误

时间:2014-11-08 03:54:56

标签: php html forms

由于某种原因,我无法将表单插入数据库。我用不同的方法重写了这3次,似乎无法使它工作。希望有人能在我的网站上提供帮助。这是我的HTML代码。

<?php 
include_once 'layout/header.php'; 
?>

<!DOCTYPE html>
<html lang="en">

<div class= "jumbotron"></div>
<body>

<form  action="send_form_email.php" method = "POST"/>
<p> First Name: <input  type="text" name="first_name" maxlength="50" size="30"/></p>
<p> Last Name: <input  type="text" name="last_name" maxlength="50" size="30"/></p>
<p> Email:<input  type="text" name="email"       maxlength="80" size="30"/></p>
<p> Telephone: <input  type="text" name="telephone" maxlength="12" size="30"/></p>
 <p> Comments: <textarea  name="comments" maxlength="1000" cols="32" rows="6"></textarea></p>
 <br>
 <input type="submit" value="Submit">   
 <br>
 </br>

</form>
</body>
 </html>
 <?php include_once 'layout/footer.php'; ?>

这是PHP代码。

<?php 
include_once 'layout/header.php'; 
include_once 'db_function.php';
include_once 'helpers/helper.php';
session_start();

$DB_HOST = 'localhost';
$DB_USER = 'Chris';
$DB_PASSWORD = 'Uraloser82';
$DB_NAME = 'newsite';
$conn = mysqli_connect($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME);


$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$telephone = $_POST['telephone'];
$comments = $_POST['comments'];

$query = "INSERT INTO contact(first_name, last_name, email, telephone, comments) VALUES  ('$first_name', '$last_name', '$email', '$telephone', '$comments')";
?>

 <h4>Thank you for contacting Plank's Brickyard we will get back to you very soon!</h4>

<img class= "gamer" src= "assets/uploads/gamer.jpg">
<?php include_once 'layout/footer.php'; ?>

2 个答案:

答案 0 :(得分:2)

未插入数据的原因是您不是querying

通过添加/使用mysqli_query()

执行以下操作 
$query = mysqli_query($conn, "INSERT INTO contact ...

作为重写:

$query = mysqli_query($conn, "INSERT INTO contact 
(first_name, last_name, email, telephone, comments) 
VALUES  ('$first_name', '$last_name', '$email', '$telephone', '$comments')")

        or die(mysqli_error($conn));

使用or die(mysqli_error($conn))来捕获数据库错误,如果存在任何错误。

有关该功能的更多信息,请访问:

另外,您目前的代码向SQL injection开放 使用prepared statementsPDO with prepared statements

答案 1 :(得分:1)

您似乎缺少$conn->query($query);。此外,您还希望通过转义输入来保护自己免受SQL注入攻击。示例$first_name = $conn->real_escape_string($_POST['first_name']);如果仍有问题,请尝试通过回显查询然后在phpmyadmin中运行来进行测试。

相关问题
最新问题