当前位置: 动力学知识库 > 问答 > 编程问答 >

Insert query to insert into a MySQL database does not work. (PHP)

问题描述:

I'm trying to insert values from a form and insert it onto a MySQL database.

But it does not work.

I'm a beginner,please help.

Here is my Code:

<?php

function register(){

$name = $_POST['name'];

$address = $_POST['address'];

$email = $_POST['email'];

$phone = $_POST['phone'];

//echo $name;

$con = mysqli_connect("localhost", "root", "", "LinuxCreditSociety");

$rs = $con->query("insert into cust_mst (customer_id,customer_name,customer_address,customer_mobile,email_id)values(1003,'$name','$address','$phone','$email')");

$rs->free();

$con->close();

}

?>

<html>

<head>

<title>Registration</title>

<link rel="stylesheet" type="text/css" href="phpcss.css"></link>

</head>

<body>

<div style="position:absolute;left:300px;top:5px">

<h1 align="center"><font face="Purisa" size="20" color="purple">Linux Credit Society</font></h1>

</div>

<div style="position:absolute;right:160px;top:5px"><img src="linux.jpg" height="150" /></div>

<div style="position:absolute;left:140px;top:5px"><img src="linux.jpg" height="150" /></div>

<form method="post">

<div class="st1">

Name:</br></br>

Address:</br></br>

Email-id:</br></br>

Phone#:</br></br>

</div>

<div class="st2">

<div style="position:absolute;top:5px">

<input type="text" name="name">

</div>

<div style="position:absolute;top:78px">

<input type="text" name="address">

</div>

<div style="position:absolute;top:148px">

<input type="text" name="email">

</div>

<div style="position:absolute;top:218px">

<input type="text" name="phone">

</div>

<div style="position:absolute;top:290px;">

<input type="submit" value="Register">

</div>

</div>

</form>

<div style="position:absolute;top:320px;">

<?php

if(isset($_POST['submit']) && $_POST['submit'] == "Register")

register();

?>

</div>

</body>

</html>

And this is how I have created my database:

create database LinuxCreditSociety;

use LinuxCreditSociety;

create table cust_mst(

customer_id int,

customer_name varchar(50),

customer_address varchar(70),

customer_mobile double,

email_id varchar(50));

insert into cust_mst values(1001, 'Jack Mathew', 'Bandra', '9998887770', '[email protected]');

insert into cust_mst values(1002, 'Jill Roberts', 'Dadar', '999665550', '[email protected]');

EDIT:

Guys I just made one change and it worked thankyou.Now I will work on Injections as well!!

Here is what I did:

I just changed the call from ->

 <?php

if(isset($_POST['submit']) && $_POST['submit'] == "Register")

register();

?>

to this ->

<?php

if(isset($_POST['name']) && $_POST['name'] != "")

register();

?>

网友答案:

Surely you want this the other way around:

$_POST[name] = $name;
$_POST[address] = $address;
$_POST[email] = $email;
$_POST[phone] = $phone;

eg:

$name = $_POST['name'];
$address = $_POST['address'];
$email = $_POST['email'];
$phone = $_POST['phone'];
网友答案:

I assume your data is coming from $_POST. Change

$_POST[name] = $name;
$_POST[address] = $address;
$_POST[email] = $email;
$_POST[phone] = $phone;

Into

$name = $con->real_escape_string($_POST['name']);
$address = $con->real_escape_string($_POST['address']);
$email = $con->real_escape_string($_POST['email']);
$phone = $con->real_escape_string($_POST['phone']);

Note the use of mysqli_real_escape_string() in order to prevent SQL injections. Also, since you're already using the mysqli extension, consider building prepared statements rather than interpolating variables into the query string.

Last side note: to prevent error notices like "Use of undefined constant name - assumed 'name' in /your/script", access array keys using strings (i.e. $_POST['name'] instead of $_POST[name]).

网友答案:

Try this, but dont forget to sanitize your variables !!!

function register(){

    $name       = $_POST['name'];
    $address    = $_POST['address'];
    $phone      = $_POST['email'];
    $email      = $_POST['phone'];

    $con = new mysqli("localhost", "root", "", "LinuxCreditSociety");

    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }

    if (!$con->query("insert into cust_mst (customer_id,customer_name,customer_address,customer_mobile,email_id)values(NULL,'$name','$address','$phone','$email')")) {
        printf("Errormessage: %s\n", $con->error);
    }

    $con->close();
}
网友答案:
function register(){

    $name       = $_POST['name'];
    $address    = $_POST['address'];
    $phone      = $_POST['email'];
    $email      = $_POST['phone'];

    $con = mysqli_connect("localhost", "root", "", "LinuxCreditSociety");
    $rs = $con->query("insert into cust_mst (customer_id,customer_name,customer_address,customer_mobile,email_id)values(NULL,'{$name}','{$address}','{$phone}','{$email}')");
    $rs->free();
    $con->close();
}
分享给朋友:
您可能感兴趣的文章:
随机阅读: