这个问题已经存在:
如果表单数据不符合条件,如何使php不向mysql发送表单数据?
两年前关门了。
正如上面的标题所说,我完全困惑于为什么我的网站没有将数据插入我的数据库(是的,我已经做了所有必要的专栏和东西)。它可能与单选按钮和“preke”标签有关,所以如果你看到任何我搞砸的东西,它会帮我很多忙!
这是我的密码:
<!DOCTYPE HTML>
<?php
// define variables and set to empty values
$VarErr = $PavErr = $AdErr = $PreErr = $PkErr = $KiekErr = "";
$Vardas = $Pavarde = $Adresas = $Preke = $Pk = $Kiekis = "";
?>
<html class="no-js" lang="en">
<head>
<title>Dailės parduotuvė</title>
<meta charset="UTF-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<link rel="stylesheet" type="text/css" href="css/stilius.css">
</head>
<body class="content ">
<div class="container">
<nav class="navbar navbar-expand-lg navbar-dark ">
<a class="navbar-brand" href="index.html">Kauno dailė</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="nav-link" href="Visos.html">Visos prekės</a>
</li>
<li class="nav-item">
<a class="nav-link" href="Uzsakymas.php">Užsisakymas</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Kontaktai</a>
</li>
</ul>
</div>
</nav>
<div>
<div class="content sm-4 text-center">
<h2>Užsisakymo forma</h2>
<p><span class="error">* privalomi laukai</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<p class="text-center">Vardas</p><br>
<input type="text" name="Vardas" value="<?php echo $Vardas;?>">
<span class="error">* <?php echo $VarErr;?></span>
<p class="text-center">Pavarde</p><br>
<input type="text" name="Pavarde" value="<?php echo $Pavarde;?>">
<span class="error">* <?php echo $PavErr;?></span>
<p class="text-center">Adresas</p><br>
<input type="text" name="Adresas" value="<?php echo $Adresas;?>">
<span class="error">* <?php echo $AdErr;?></span><br>
Prekės rūšis:<br>
<input type="radio" name="Preke" value="Vienišas(-a)" checked>Dažai(5€)<br>
<input type="radio" name="Preke" value="Susituokęs(-usi)">Teptukas(2€)<br>
<input type="radio" name="Preke" value="Išsiskyręs(-usi)">Pieštukas(2€)<br>
<input type="radio" name="Preke" value="Našlys(-ė)">Ofiso įrankis(1€)<br>
<span class="error">* <?php echo $PreErr;?></span>
<br>
<p class="text-center">Prekės kodas</p><br>
<input type="number" name="Pk" value="<?php echo $Pk;?>">
<span class="error">* <?php echo $PkErr;?></span>
<p class="text-center">Kiekis</p><br>
<input type="number" name="Kiekis" value="<?php echo $Kiekis;?>">
<span class="error">* <?php echo $KiekErr;?></span>
<br>
<!-- Input For Add Values To Database-->
<input type="submit" name="insert" value="Užsisakyti">
</div>
</div>
<div class="content py-5">
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Vardas"])) {
$VarErr = "Įveskite vardą";
} else {
$Vardas= test_input($_POST["Vardas"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$Vardas)) {
$VarErr = "Galima vesti tik su raidėmis";
}
}
if (empty($_POST["Pavarde"])) {
$PavErr = "Įveskite pavardę";
} else {
$Pavarde = test_input($_POST["Pavarde"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$Pavarde)) {
$PavErr = "Galima vesti tik su raidėmis";
}
}
if (empty($_POST["Adresas"])) {
$AdErr = "Įveskite adresą";
} else {
$Adresas= test_input($_POST["Adresas"]);
}
}
if (empty($_POST["Preke"])) {
$PreErr = "Pasirinkite prekės tipą";
} else {
$Preke = test_input($_POST["Preke"]);
}
if (empty($_POST["Pk"])) {
$Pk = "Įveskite prekės kodą";
} else {
$Pk = test_input($_POST["Pk"]);
}
if (empty($_POST["Kiekis"])) {
$KiekErr = "Įveskite kiekį";
} else {
$Kiekis = test_input($_POST["Kiekis"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$host = "localhost";
$user = "root";
$password ="";
$database = "uzsakymas";
try{
$connect = mysqli_connect($host,$user,$password,$database);
}
catch(mysqli_sql_exception $ex){
echo 'database connection error';
}
//insert
if(isset($_POST['insert'])) {
$Vardas = $_POST['Vardas'];
$Pavarde = $_POST['Pavarde'];
$Adresas = $_POST['Adresas'];
$Preke = $_POST['Preke'];
$Pk = $_POST['Pk'];
$Kiekis = $_POST['Kiekis'];
$insert_query = "INSERT INTO uzsakymai (Vardas,Pavarde,Adresas,Preke,Pk,Kiekis,)VALUES('$Vardas','$Pavarde','$Adresas','$Preke','$Pk','$Kiekis')";
try {
$insert_result = mysqli_query($connect,$insert_query);
if($insert_result){
if(mysqli_affected_rows($connect) > 0)
{
echo 'Data Inserted';
}else{
echo'Data not Inserted';
}
}
} catch(Exception $ex) {
echo 'Error Insert'.$ex->getMessmessage();
}
}
?>
</div>
<div class = "footer py-5 bg-secondary">
</div>
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
</body>
</html>
2条答案
按热度按时间rqmkfv5c1#
您的问题在“输入值”属性中。将其设置为空变量。从输入标记中删除值,如下所示:
应该有用。关于mysql查询,它们容易受到sql注入攻击。使用pdo来防止sql注入。
pcrecxhr2#
您已经插入了值,如果要使用值=“”。然后,在sql中,应该更新而不是插入。另外,正如上面提到的rpm192,您应该使用参数化查询,否则您将面临sql注入。祝你好运!