嘿伙计们,我想将表单中的复选框值插入数据库中。但我尝试的是不行。我完全不知道该怎么做。任何帮助将不胜感激。
HTML PART:
<div id="reg-data"></div>
<input type="text" name="username" required="required" placeholder="Enter your name" id="username" />
<div id="username_availability_result"></div>
<input type="password" name="password" required="required" placeholder="Enter your password" id="password" />
<label for="gender">Gender </label>
<input type="radio" name="gender" required="required" id="gender" value="Male" />Male
<input type="radio" name="gender" required="required" id="gender" value="Female"/>Female
<br/><br/>
<label for="qualification">Qualification</label>
<select name="qualification" value="Qualification" id="qualification">
<option value="SSLC">SSLC</option>
<option value="HSC">HSC</option>
<option value="UG">UG</option>
<option value="PG">PG</option>
</select><br/><br/>
<label for="hobbies">Hobbies </label>
<input type="checkbox" name="hobbies[]" id="hobbies" value="Cricket" />Cricket
<input type="checkbox" name="hobbies[]" id="hobbies" value="Music" />Music
<input type="checkbox" name="hobbies[]" id="hobbies" value="Swimming" />Swimming
<input type="text" name="location" placeholder="Please give your location" id="location" />
<input type="text" name="company" placeholder="Where do you work?" id="company" />
<input type="text" name="designation" placeholder="Provide your designation" id="designation" />
<div class="submit"><input type="submit" name="register" value="Register" id="reg" disabled="disabled" /></div>
<div class="clear"></div>
PHP PART:
<?php
$servername = 'localhost';
$username = 'root';
$password = '';
try
{
$conn = new PDO("mysql:host=$servername;dbname=test", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$username = $_POST['username'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$qualification = $_POST['qualification'];
$hobb = array('cricket', 'music', 'swimming');
$hobbies = $_POST['hobbies'];
$sql = "Insert into lousers (Username, Password, Gender, Qualification, Location, Company, Designation)
values ('".$_POST["username"]."', '".$_POST["password"]."', '".$_POST["gender"]."', '".$_POST["qualification"]."', '".$_POST["location"]."', '".$_POST["company"]."', '".$_POST["designation"]."')";
$conn->exec($sql);
$id = $sql_insert_id;
$values = array();
foreach($hobb as $selection) {
if(in_array($selection, $hobbies)) {
$values[ $selection ] = 1;
} else {
$values[ $selection ] = 0;
}
}
$s2 = "UPDATE 'lousers'.'join'
SET
'cricket' = '".$values['cricket']."',
'music' = '".$values['music']."',
'swimming' = '".$values['swimming']."'
WHERE
'join'.'id' = ".$id."";
$conn->exec($s2);
echo "<br>";
echo 'Thank you for registering. Login to access your profile';
?>
答案 0 :(得分:0)
你应该切换到准备好的语句来摆脱你现在拥有的sql注入漏洞。
您当前的问题似乎是使用了错误的引号:
$s2 = "UPDATE 'lousers'.'join'
SET
'cricket' = '".$values['cricket']."',
'music' = '".$values['music']."',
'swimming' = '".$values['swimming']."'
WHERE
'join'.'id' = ".$id."";
单引号或双引号用于字符串值。对于表名和列名,您需要使用反引号(`)。仅当名称是保留字,以数字开头,包含空格等时,才需要这样做,有关详细信息,请参阅manual。
所以它看起来像(使用预处理语句占位符,虽然在你的第一个sql语句中更紧急):
$s2 = "UPDATE `lousers`.`join`
SET
`cricket` = :cricket,
`music` = :music,
`swimming` = :swimming
WHERE
`join`.`id` = :id;
另请注意,html ID值必须是唯一的,但与您当前的问题无关。