我想做一个简单的HTML表单发送数据到DB:
形式:
<form action="processor.php" method="post">
<div class="field-box">
<label>Name:</label>
<input type="text" name="name" />
</div>
<div class="field-box">
<label>Age:</label>
<input type="text" />
</div>
<div class="field-box">
<label>Phone Number:</label>
<input type="text" name="email" />
</div>
<div class="field-box">
<label>Email:</label>
<input type="text" name="username"/>
<input type="submit">
</form>
和发送数据到processor.php的SQL:
//Connecting to sql db.
$connect = mysqli_connect("XXXXXXX","XXXXXXX","XXXXXXX","XXXXXX");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO users (name, age, phone, email) VALUES ('$_POST['name']','$_POST['age']', '$_POST['phone']', '$_POST['email']')";
mysqli_close($connect);
我没有得到错误信息,它只是带我到一个空白页,没有记录插入到数据库
年龄的输入缺少名称。
<div class="field-box">
<label>Age:</label>
<input type="text" name="age" />
</div>
也不要直接插入$_POST
数据。最好使用mysqli_real_escape_string来增加安全性。插入查询也缺少结束括号
//Connecting to sql db.
$connect = mysqli_connect("XXXXXXX","XXXXXXX","XXXXXXX","XXXXXX");
//Sending form data to sql db.
$name = mysqli_real_escape_string($connect, $_POST['name']);
$age = mysqli_real_escape_string($connect, $_POST['age']);
$phone = mysqli_real_escape_string($connect, $_POST['phone']);
$email = mysqli_real_escape_string($connect, $_POST['email']);
mysqli_query($connect,"INSERT INTO users (name, age, phone, email) VALUES ('$name', '$age', '$phone', '$email')");
您的查询似乎有问题:修改后的查询看起来像
mysqli_query($connect,"INSERT INTO users (name, age, phone, email)
VALUES ('".$_POST['name']."','".$_POST['age']."', '".$_POST['phone']."', '".$_POST['email']."')";
直接插入值而不进行验证不是一个好的做法。
使用mysqli_real_escape_string对数据库