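I'm trying to use some PHP to process some HTML form data into a MySQL database, but this is my first foray into webdev and I think I'm in over my head. The form is POSTed to the formSubmit.php file, which turns it into variables that the SQL command then queries. I've tried changing the variable layout, but for some reason it still won't send.
HTML form: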
<form class="middleForm" name="pizzaGuest" action="formSubmit.php" method="POST">
<fieldset>
<legend>Guest details</legend>
First name:<br>
<input type="text" name="firstName" required><br>
Last name:<br>
<input type="text" name="lastName" required><br>
Email address:<br>
<input type="email" name="email" required><br>
Party date:<br>
<input type="date" name="date" required><br>
Diet:<br>
<select name="diet">
<option value="omnivore" selected>Omnivore</option>
<option value="pescatarian">Pescatarian</option>
<option value="vegetarian">Vegetarian</option>
<option value="vegan">Vegan</option>
</select><br>
Dairy free?<br>
<input type="checkbox" name="dairyFree"><br>
Toppings:<br>
<input type="text" name="toppings"><br>
Allergies:<br>
<input type="text" name="allergies"><br>
<input type="submit" value="Submit">
</fieldset>
</form>
formSubmit.php:
<?php
$servername = "localhost";
$username = "partyForm";
$password = "████████████";
$dbname = "pizza";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$FirstName = $_POST["firstName"];
$LastName = $_POST["lastName"];
$Diet = $_POST["diet"];
$Allergies = $_POST["allergies"];
$Email = $_POST["email"];
$DairyFree = $_POST["dairyFree"];
$sql = "REPLACE INTO guests (FirstName, LastName, Diet, Allergies, Email, DairyFree) VALUES ($FirstName, $LastName, $Diet, $Allergies, $Email, $DairyFree);";
mysql_query($sql)
mysqli_close($conn);
?>
You could try using prepared statements, since they prevent SQL injection and avoid the need to add the quotes that were omitted in the SQL.
<?php
$servername = "localhost";
$username = "partyForm";
$password = "xxx";
$dbname = "pizza";
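$conn = new mysqli( $servername, $username, $password, $dbname );
// new mysqli() always returns an object, so test connect_error rather than the object itself
if( $conn->connect_error ) die("Connection failed");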
$sql = "replace into guests ( `firstname`, `lastname`, `diet`, `allergies`, `email`, `dairyfree` ) values (?,?,?,?,?,?);";
$stmt=$conn->prepare($sql);
$stmt->bind_param('ssssss',$_POST["firstName"], $_POST["lastName"], $_POST["diet"], $_POST["allergies"], $_POST["email"], $_POST["dairyFree"] );
$stmt->execute();
$stmt->close();
$conn->close();
?>
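The following is an added example, not part of the original answer: it validates the fields of the pizzaGuest form server-side before binding them, treats the unchecked `dairyFree` checkbox (which is absent from the POST body) explicitly, and makes mysqli throw on errors so a failed insert is not silent. The helper names `field` and `validateGuest`, the `PIZZA_DB_PASS` environment variable, and the integer type of the `DairyFree` column are assumptions.

```php
<?php
// Added example: validates the pizzaGuest form fields, then binds them.
const DIETS = ['omnivore', 'pescatarian', 'vegetarian', 'vegan'];

// Return a trimmed string field; array-valued input (firstName[]=x) becomes ''.
function field(array $post, string $key): string {
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

function validateGuest(array $post): array {
    $g = [
        'firstName' => field($post, 'firstName'),
        'lastName'  => field($post, 'lastName'),
        'diet'      => field($post, 'diet'),
        'allergies' => field($post, 'allergies'),
        'email'     => filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL),
        // An unchecked checkbox is absent from the POST body entirely.
        'dairyFree' => isset($post['dairyFree']) ? 1 : 0,
    ];
    if ($g['firstName'] === '' || $g['lastName'] === '' || $g['email'] === false) {
        throw new InvalidArgumentException('Name and a valid email are required');
    }
    if (!in_array($g['diet'], DIETS, true)) {   // allowlist taken from the <select>
        throw new InvalidArgumentException('Unknown diet value');
    }
    return $g;
}

// Make mysqli throw on failure instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $g = validateGuest($_POST);
    // Assumption: password comes from a hypothetical PIZZA_DB_PASS env variable.
    $conn = new mysqli('localhost', 'partyForm', getenv('PIZZA_DB_PASS') ?: '', 'pizza');
    $stmt = $conn->prepare('REPLACE INTO guests
        (FirstName, LastName, Diet, Allergies, Email, DairyFree) VALUES (?,?,?,?,?,?)');
    // Assumption: DairyFree is an integer/boolean column, hence the trailing "i".
    $stmt->bind_param('sssssi', $g['firstName'], $g['lastName'], $g['diet'],
        $g['allergies'], $g['email'], $g['dairyFree']);
    $stmt->execute();
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage());
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // details go to the server log, not the browser
    http_response_code(500);
    echo 'Could not save your details';
}
```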