我的php脚本不能在mysql数据库上编写

tpgth1q7  于 2021-06-19  发布在  Mysql
关注(0)|答案(3)|浏览(358)

我开始学习php,我需要你的帮助,因为我正试图写我的mysql数据库。这个脚本看起来很好(对我来说:d),它不会给我错误。但是当我提交查询时,数据不会出现在我的mysql数据库中。你能帮帮我吗?
这是我的html/php代码:

<?php
session_start();
$_SESSION['message'] = '';

//connection variables

$host = '127.0.0.1';
$user = 'root';
$password = 'MyPassword';
$database= 'test';
$port= '3306';

//create mysql connection
$mysqli = new mysqli($host, $user, $password,$database,$port);
if ($mysqli->connect_errno) {
    printf("Connection failed: %s\n", $mysqli->connect_error);
    die();
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = $mysqli->real_escape_string($_POST['name']);
    $email = $mysqli->real_escape_string($_POST['email']);
    if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name','$email')") == true) {
        $_SESSION['message'] = "registration succesfull! Added $name to the database";
    } else {
        $_SESSION['message'] = "User can't be added to the database";
    }
}
?>

    <!DOCTYPE html>
    <html>
        <center>
        <h1>Inputs</h1>
        <form class="form" action="welcome.php" method="post" autocomplete="off">
            <div class="alert alert-error"><?= $_SESSION['message'] ?></div>
     <input type="text" name="name" placeholder="Insert your name" /> <br>
     <input type="email" name="email" placeholder="Insert your email"/><br>
     <input type="submit" name="submit" placeholder="Submit"/>
        </form>
        </center>
    </html>

这是数据库:[表结构][

]1[数据库信息]

dgtucam1

dgtucam11#

如果查询中有语法错误,请尝试更改 INSERT 在if条件中查询:

if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name','$email')") == true) {
        $_SESSION['message'] = "registration succesfull! Added $name to the database";
    } else {
        $_SESSION['message'] = "User can't be added to the database";
    }

像这样:

if ($mysqli->query("INSERT INTO contatti (name, email) 
             VALUES('$name', '$email')") == true) {
        $_SESSION['message'] = "registration succesfull! Added $name to the database";
    } else {
        $_SESSION['message'] = "User can't be added to the database";
    }
ffscu2ro

ffscu2ro2#

请改用预备语句和绑定参数:http://php.net/manual/en/mysqli-stmt.bind-param.php
您还可以使用调试mysql服务器响应 error_list :

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $stmt = $mysqli->prepare("INSERT INTO `contatti` (`name`, `email`) VALUES (?,?)");
    $stmt->bind_param('ss', $name, $email);
    if ($stmt->execute()) {
        /* ... */
    }
    else {
        $errors = $stmt->error_list;
        /* ... */
    }
}
6ie5vjzr

6ie5vjzr3#

如果可能的话,您应该为mysql和php使用准备好的语句,至少可以防止sql注入(so ref)。
也就是说,当你读到这一行时: if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ($name,$email)") == true) 您正在将字符串连接到sql查询中,而不带引号,查询字符串看起来像($name='test',$email='test')test@test' : INSERT INTO 'contatti' ('name', 'email') VALUES (test,test@test) :语法错误
必须对sql上的字符串进行转义: if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name', '$email' )") == true) 结果查询应如下所示: INSERT INTO 'contatti' ('name', 'email') VALUES ('test','test@test') 编辑:请注意,表(contatti)和字段name(name,email)应该用反引号括起来,而不是单引号(我不能在引号中转义反引号),变量$name和$email应该用单引号括起来

相关问题