dongtun1209 2017-05-26 14:43
浏览 43
已采纳

使用php将值插入数据库

i am using php and mysql db , i want take the values from the two input type and insert them to data base when the button save clicked when run the code no erros shown but its do not save in the db here is the code. (note that the id is auto increment and the admin table contains three columns id,username , password) addAdmin.php : 

<?php include("connect.php");?>
<div class="col-md-12">
<!-- Add admin -->
<div class="box box-info">
  <div class="box-header with-border">
    <h3 class="box-title">Add admin</h3>
  </div>
  <!-- /.box-header -->
  <!-- form start -->
  <form id="adminForm" class="form-horizontal" action="" method = "get">
    <div class="box-body">

        <div class="form-group">
        <label for="inputName" class="col-sm-2 control-label">User 
  name</label>

        <div class="col-sm-10">
          <input type="text" class="form-control" id="inputName" 
           placeholder="user name" name="username" required >
        </div>
      </div>

      <div class="form-group">
        <label for="inputPassword3" class="col-sm-2 control-
  label">Password</label>

        <div class="col-sm-10">
          <input type="password" class="form-control" id="inputPassword3" 
  placeholder="Password" name="password" required>
        </div>

      </div>





    </div>
    <!-- /.box-body -->
    <div class="box-footer">
        <input  type = "submit" class="btn btn-info pull-right save" name = 
     "submit" value = "save">
      <?php 
      if(isset($_POST["submit"])) {
          $name = $_GET['username'];
          $password = $_GET['password'];


          $insertNewAdmin = "INSERT INTO `admin` VALUES 
          ('$name','$password')";
          mysql_query($insertNewAdmin);

      }
      ?>
    </div>
    <!-- /.box-footer -->
  </form>
</div>
<!-- /.box -->
</div>
  • 写回答

1条回答 默认 最新

  • dsjmrpym220113739 2017-05-26 14:58
    关注

    Allow me to re write your full code for you using the recommended industry standards. First of all you should never ever use the get method $_GET when sending a form data to a database more especially when it contains passwords.

    mysql_* api that you are using has been depreciated since I was doing my second year at college, I have graduated and with 3 years working experience, since it was depreciated ;) and was completely remove on php 7.. therefore you should be using mysqli_* or PDO as of v5.5.0 see : Why shouldn't I use mysql_* functions in PHP?

    then another issue with your code is at risk of sql inections as @Jay Blanchard have stated above, you can follow his block here to learn more about what he' saying : http://jayblanchard.net/demystifying_php_pdo.html

    so to solve what Jay have highlighted above we use something called prepared statements : which prevents against SQL injections.

    Then we also in the modern days do not store passwords in plain texts or md5 these days we use password_hash() and password_verify() to store password hash in the database and check the stored password against the user entered password:

    in my code you will see : (userNameColumnName,passwordColumnName) userNameColumnName is the column in your table where you will store username and passwordColumnName is teh column in your table where you will store password and make sure the char length is at least 60 chars or better 255.

    You can't insert values like this "INSERT INTOadminVALUES ('$name','$password') unless you have exactly two fields in your tabl e as I guess you don't you should atleast have 3. connect.php

    // Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

    then the other page

    <?php include("connect.php");

    $errors=false;

if(isset($_POST['submit'])){

    $fields = array("username","password");
    foreach($fields as $fieldname){
        if(!isset($_POST[$fieldname]) && empty($_POST[$fieldname])){

            echo "enter username and password";
            $errors = true;
        }
    }

    if(!$errors){

        $username = $_POST['username'];
        $password = $_POST['password'];

        $hash = password_hash($password);

        $sql = "INSERT INTO admin (userNameColumnName,passwordColumnName) VALUES(?,?)";

        $stmt = $conn->prepare($sql);
        $stmt->bind_param("ss",$username,$hash);
        if($stmt->execute()){

            echo "user added";
        }else{

            echo "error adding user";
            error_log("error".$conn->error); // go and check your error log what was the error
        }
    }

}

?>
<div class="col-md-12">
    <!-- Add admin -->
    <div class="box box-info">
        <div class="box-header with-border">
            <h3 class="box-title">Add admin</h3>
        </div>
        <!-- /.box-header -->
        <!-- form start -->
        <form id="adminForm" class="form-horizontal" action="" method = "POST">
            <div class="box-body">
                <div class="form-group">
                    <label for="inputName" class="col-sm-2 control-label">User 
                    name</label>
                    <div class="col-sm-10">
                        <input type="text" class="form-control" id="inputName" 
                            placeholder="user name" name="username" required >
                    </div>
                </div>
                <div class="form-group">
                    <label for="inputPassword3" class="col-sm-2 control-
                        label">Password</label>
                    <div class="col-sm-10">
                        <input type="password" class="form-control" id="inputPassword3" 
                            placeholder="Password" name="password" required>
                    </div>
                </div>
            </div>
            <!-- /.box-body -->
            <div class="box-footer">
                <input  type = "submit" class="btn btn-info pull-right save" name = "submit" value = "save">
            </div>
            <!-- /.box-footer -->
        </form>
    </div>
    <!-- /.box -->
</div>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算
  • ¥15 powerbuilder中的datawindow数据整合到新的DataWindow
  • ¥20 有人知道这种图怎么画吗?
  • ¥15 pyqt6如何引用qrc文件加载里面的的资源
  • ¥15 安卓JNI项目使用lua上的问题
  • ¥20 RL+GNN解决人员排班问题时梯度消失
  • ¥60 要数控稳压电源测试数据
  • ¥15 能帮我写下这个编程吗
  • ¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路