嘿大家,你可以看到我放了整个代码,因为 我正在尝试连接并将信息写入数据库,这是非常基本和简单但我不明白我做错了什么???? 我试图让用户通过填写表单将信息放入数据库,在用户提供他的信息之后我想将它放在数据库中。数据库本身是构建的,并且制作了表和行。
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $phoneErr = $cityErr = $countyErr = $adressErr = "";
$name = $email = $gender = $phone = $instagram = $facebook = $city = $country = $adress = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name1"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name1"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["phone"])) {
$phone = "Phone number is required";
} else {
$phone = test_input($_POST["phone"]);
}
if (empty($_POST["gender"])) {
$genderErr = "Gender is required";
} else {
$gender = test_input($_POST["gender"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Amsterdam event attending</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>, <">
Name:
<input type="text" name="name1" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
Adress:
<input type="text" name="adress" value="<?php echo $adress;?>">
<span class="error">*</span>
<br><br>
City:
<input type="text" name="city" value="<?php echo $city;?>">
<span class="error">*</span>
<br><br>
E-mail:
<input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Instagram:
<input type="text" name="insta" value="">
<br><br>
Facebook:
<input type="text" name="face" value="">
<br><br>
Phone number:
<input type="text" name="phone" value="<?php echo $phone;?>">
<span class="error">* <?php echo $phoneErr;?></span>
<br><br>
Gender:
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male
<span class="error">* <?php echo $genderErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
if(isset($_POST['submit'])){
}
$servername = 'localhost';
$username = 'root';
$password = '1234';
$database = 'amsterdam';
$conn = mysqli_connect($servername, $username, $password, $database);
if (!$conn) {
die("Connection failed: " . mysqli_connect_errno());
}
$sql = "INSERT INTO inschrijvingen (name, adress, city, email, insta, face, phone, gender);
VALUES ($_POST[name1], $_POST[adress], $_POST[city], $_POST[email], $_POST[insta], $_POST[face], $_POST[phone], $_POST[gender])";
mysql_close($conn);
?>
</body>
</html>
答案 0 :(得分:1)
您应该将VALUES放在单引号中。但是,当您在查询中直接编写$_POST变量时,这是不可能的,因为$_POST索引名称周围的单引号会在代码中产生错误。您正在做的主要错误是将$_POST变量直接传递给您的查询,这会产生严重的安全问题,如SQL注入。
您应该使用mysqli_real_escape_string()函数执行此操作,并为$ _POST数组的每个索引创建变量。
我会这样做:
$conn = mysqli_connect($servername, $username, $password, $database);
if (!$conn) {
die("Connection failed: " . mysqli_connect_errno());
}
$name=mysqli_real_escape_string($_POST['name1']);
$adress=mysqli_real_escape_string($_POST['adress']);
$city=mysqli_real_escape_string($_POST['city']);
$email=mysqli_real_escape_string($_POST['email']);
$insta=mysqli_real_escape_string($_POST['insta']);
$face=mysqli_real_escape_string($_POST['face']);
$phone=mysqli_real_escape_string($_POST['phone']);
$gender=mysqli_real_escape_string($_POST['gender']);
$sql = "INSERT INTO inschrijvingen (name, adress, city, email, insta, face, phone, gender);
VALUES ('$name', '$adress', '$city', '$email', '$insta', '$face', '$phone', '$gender')";
$result=mysqli_query($conn,$sql);
之前没有检查过代码和之后的代码。我刚刚更正了查询和values参数。我还在代码中添加了mysqli_query()函数。此函数是主函数,负责执行您在代码中错过的查询。如果这可以解决您的问题,请告诉我。
答案 1 :(得分:0)
我认为问题在于您在页面上写一些内容之后尝试打开I / O流(使用SQL服务器的流)。 你无法打开stdout(流到你正在生成的页面),然后尝试在php中打开另一个流。在将第一个字符写入页面之前,需要生成所有其他流。试试这个:
1.x答案 2 :(得分:0)
我注意到的一些事情:
你有一个if语句,你没有使用
Predicate<String> isInArrayA = searchStr-> arrayListA.stream().anyMatch(str -> str.contains(searchStr));
arrayListFound = (ArrayList<String>) arrayListB.stream()
.filter(isInArrayA)
.collect(Collectors.toList());
$ sql definition在它的中途有一个分号,应该是:
if(isset($_POST['submit'])){
}
定义$ sql后,您实际上从未使用
查询数据库$sql = "INSERT INTO inschrijvingen (name, adress, city, email, insta, face, phone, gender)
VALUES ($_POST[name1], $_POST[adress], $_POST[city], $_POST[email], $_POST[insta], $_POST[face], $_POST[phone], $_POST[gender])";
最后,你混合了mysql和mysqli。你的密切陈述应该是
mysqli_query($conn, $sql);
还有其他一些问题,但看起来其他一些答案已经解决了这些问题。
答案 3 :(得分:0)
您需要将代码放在if(isset($_POST['submit']))花括号中,并将SQL括在else括号中。此外,您似乎使用的是mysql_close()而不是mysqli_close()。
if(isset($_POST['submit'])){
$servername = 'localhost';
$username = 'root';
$password = '1234';
$database = 'amsterdam';
$conn = mysqli_connect($servername, $username, $password, $database);
if (!$conn) {
die("Connection failed: " . mysqli_connect_errno());
}else{
$name=$_POST['name1'];
$adress=$_POST['adress'];
$city=$_POST['city'];
$email=$_POST['email'];
$insta=$_POST['insta'];
$face=$_POST['face'];
$phone=$_POST['phone'];
$gender=$_POST['gender'];
$sql = "INSERT INTO inschrijvingen (name, adress, city, email, insta, face, phone, gender)
VALUES ('$name', '$adress','$city', '$insta, '$face', '$phone', '$gender')";
mysqli_close($conn);
}
}
使用已准备好的声明。
您的代码可以轻松注入。我建议使用准备好的陈述。
在这种情况下,您准备好的陈述如下:
$sql = "INSERT INTO inschrijvingen (name, adress, city, email, insta, face, phone, gender)
VALUES (?,?,?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("sssssss", $name, $adress, $city, $email, $insta, $face, $phone, $gender);
$stmt->close();
$conn->close();