我的表单具有用户输入字段和表格底部的3个提交按钮。填写时,应该更新,插入或搜索数据库记录。我已经测试了数据库连接,并且正在连接。我已经测试了我的帖子,但不是零。但是在我的结果页面上,我唯一看到的显示的是我的switch语句中的默认值。因此,我的案件陈述似乎都没有起作用。Switch语句应该从提交的$操作中使用 - 插入,更新或搜索。
form.php
<input type="submit" value="insert" name="action" class="btn btn-default">
<input type="submit" value="update" name="action" class="btn btn-default">
<input type="submit" value="search" name="action" class="btn btn-default">
form-results.php
require_once 'DataBaseConnection.php';
$firstName = $_POST['$firstName'];
$lastName = $_POST['$lastName'];
$phoneNumber = $_POST['$phoneNumber'];
$address1 = $_POST['$address1'];
$city = $_POST['$city'];
$zip = $_POST['$zip'];
$birthday = $_POST['$birthday'];
$username = $_POST['$username'];
$password = $_POST['$password'];
$sex = $_POST['$sex'];
$relationship = $_POST['$relationship'];
$action = $_POST['$action'];
?>
<div class="container">
<div class="row" style="padding-top:100px;">
<div class="col-md-12 col-sm-12">
<h2>Family & Friends Form</h2>
<p>Results:</p>
<?php
if ( !empty($_POST) ) { echo"<p>not empty post</p>";}
switch ($action){
case "insert":
$insert = "INSERT INTO `friends_family`.`users` (`firstName`,`lastName`,`phoneNumber`,`address1`,`city`,`state`,`zip`,`birthday`,`username`,`password`,`relationship`)
VALUES (`$firstName`, `$lastName`, `$phoneNumber`,`$address1`, `$city`,`$state`, `$zip`,`$birthday`,`$username`,`$password`,`$relationship`)";
$success = $con->query($insert);
if ($success == FALSE) {
$failmess = "Whole query " . $insert . "<br>";
echo $failmess;
die('Invalid query: '. mysqli_error($con));
} else {
echo "$firstName was added<br>";
}
break;
case "update":
$update = "UPDATE `friends_family`.`users` SET `phoneNumber` = '$phoneNumber', `address1` = '$address1', `city` = '$city', `zip` ='$zip', `birthday` = '$birthday',`username` = '$username',`password` = '$password',`relationship`='$relationship' WHERE `firstName` = '$firstName', `lastName`='$lastName'";
echo "$firstName $lastName was updated<br>";
break;
case "search":
$search = "SELECT * FROM friends_family.users WHERE firstName like '%$firstName%' ORDER BY firstName";
$return = $con->query($search);
if (!$return) {
$message = "Whole query " . $search;
echo $message;
die('Invalid query: ' . mysqli_error($con));
}
echo "<table class='table'><thead><th>First Name</th><th>Last Name</th><th>Phone</th><th>Address</th><th>City</th><th>State</th><th>Zip</th><th>Birthday</th><th>Sex</th><th>Relationship</th></thead><tbody>n";
while ($row = $return->fetch_assoc()){
echo "<tr><td>" . $row['firstName']
. "</td><td>" . $row['lastName']
. "</td><td>" . $row['phoneNumber']
. "</td><td>" . $row['address1']
. "</td><td>" . $row['city']
. "</td><td>" . $row['state']
. "</td><td>" . $row['zip']
. "</td><td>" . $row['birthday']
. "</td><td>" . $row['sex']
. "</td><td>" . $row['relationship'] . "</td></tr>n";
}
echo "</tbody></table>";
break;
default:
echo "Error";
break;
}
mysqli_close($con);
?>
</div>
</div>
表单元素的名称是 action
,而不是 $action
。因此:
$_POST['$action']
应该是这样:
$_POST['action']
(以及您的其余表单元素类似。)
也值得注意的是,您的代码广泛向SQL注入开放。您应该考虑使用带有查询参数的已准备好的语句。这是一个很好的起点。