无法使PHP将表单数据处理到MySQL数据库中

debugcn 发表于 Dev

乔治·波吉

我正在尝试使用一些PHP将一些HTML表单数据处理到MySQL数据库中，但这是我第一次涉足webdev，我想我已经头疼了。表单被过帐到formSubmit.php文件，该文件将其转换为sql命令随后查询的变量。我已经尝试过更改变量布局，但是由于某种原因它仍然无法发送。

HTML表单：

<form class="middleForm" name="pizzaGuest" action="formSubmit.php" method="POST">
<fieldset>
    <legend>Guest details</legend>
    First name:<br>
        <input type="text" name="firstName" required><br>
    Last name:<br>
        <input type="text" name="lastName" required><br>
    Email address:<br>
        <input type="email" name="email" required><br>
    Party date:<br>
        <input type="date" name="date" required><br>
    Diet:<br>
        <select name="diet">
            <option value="omnivore" selected>Omnivore</option>
            <option value="pescatarian">Pescatarian</option>
            <option value="vegetarian">Vegetarian</option>
            <option value="vegan">Vegan</option>
        </select><br>
    Dairy free?<br>
        <input type="checkbox" name="dairyFree"><br>
    Toppings:<br>
        <input type="text" name="toppings"><br>
    Allergies:<br>
        <input type="text" name="allergies"><br>
    <input type="submit" value="Submit">
</fieldset>
</form>

formSubmit.php：

<?php
        $servername = "localhost";
        $username = "partyForm";
        $password = "████████████";
        $dbname = "pizza";
        $conn = mysqli_connect($servername, $username, $password, $dbname);
        if (!$conn) {
            die("Connection failed: " . mysqli_connect_error());
        }

        $FirstName = $_POST["firstName"];
        $LastName = $_POST["lastName"];
        $Diet = $_POST["diet"];
        $Allergies = $_POST["allergies"];
        $Email = $_POST["email"];
        $DairyFree = $_POST["dairyFree"];

        $sql = "REPLACE INTO guests (FirstName, LastName, Diet, Allergies, Email, DairyFree) VALUES ($FirstName, $LastName, $Diet, $Allergies, $Email, $DairyFree);";

        mysql_query($sql)
        mysqli_close($conn);
    ?>

亚伯龙修斯教授

您可以尝试使用prepared statements它们，因为它们会阻止sql注入，并避免在sql省略时添加引号。

<?php

    $servername = "localhost";
    $username = "partyForm";
    $password = "xxx";
    $dbname = "pizza";

    $conn = new mysqli( $servername, $username, $password, $dbname );
    if( !$conn ) die("Connection failed");

    $sql = "replace into guests ( `firstname`, `lastname`, `diet`, `allergies`, `email`, `dairyfree` ) values (?,?,?,?,?,?);";
    $stmt=$conn->prepare($sql);
    $stmt->bind_param('ssssss',$_POST["firstName"], $_POST["lastName"], $_POST["diet"], $_POST["allergies"], $_POST["email"], $_POST["dairyFree"] );
    $stmt->execute();
    $stmt->close();
    $conn->close();
?>

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。