doudao1950 2014-05-26 04:10
浏览 23
已采纳

mysql php中的空白条目

I am new to mysql php and I have been struggling to make this simple name entry form work but it has been failing on me by inserting blank entries. I have been looking arround the web for a while but nothing has been helpful.

This is my html form

    <form action="demo.php" method="post"> 
    name:<input type="text" name="input1">
    <br/>
    <input type="submit" value="submit">
    </form>

My php code

    <?php

    define('db_name', 'demo');
    define('db_user', 'root');
    define('db_password', 'password');
    define('db_host', 'localhost');

    $link = mysql_connect (db_host, db_user, db_password);

    if (!$link) {
       die('could not connect: '. mysql_error());
    }

    $db_selected = mysql_select_db(db_name, $link);

    if (!$db_selected) {
    die('can\'t use' . db_name . ': ' . mysql_error());
    }


    $value = $_post['input1'];

    $sql = "insert into demo (name) values ('$value')";

    if (!mysql_query($sql)) {
      die('Error: ' . mysql_error());
    }

    mysql_close();
    ?>

Mysql table

+-------+-------------+------+-----+---------+----------------+
| Field | Type        | Null | Key | Default | Extra          |
+-------+-------------+------+-----+---------+----------------+
| id    | int(11)     | NO   | PRI | NULL    | auto_increment |
| name  | varchar(30) | YES  |     | NULL    |                |
+-------+-------------+------+-----+---------+----------------+
  • 写回答

3条回答 默认 最新

  • duanji9264 2014-05-26 04:26
    关注

    I'm surprised you didn't see the big red-ish (pink?) warning on all the mysql_* functions in the PHP manual. To summarise...

    Warning This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.

    So, on that advice, I suggest you try mysqli.

    In regards to your specific problem, I'd say it's as Fred said in the comments, $_post should be $_POST. In PHP, variable names are case sensitive.

    You should also prepare an INSERT statement and use parameter binding to avoid SQL injection vulnerabilities.

    Here's an example to summarise...

    $link = new mysqli('localhost', 'root', 'password', 'demo');
if ($link->connect_errno) {
    throw new Exception($link->connect_error, $link->connect_errno);
}

// Check that the expected value has been provided via a POST request
if (!isset($_POST['input1'])) {
    throw new Exception('Missing POST request parameter [input1]');
}

// now prepare an INSERT statement
if (!$stmt = $link->prepare('INSERT INTO `demo` (`name`) VALUES (?)')) {
    throw new Exception($link->error, $link->errno);
}

// bind parameters
$stmt->bind_param('s', $_POST['input1']);

if (!$stmt->execute()) {
    throw new Exception($stmt->error, $stmt->errno);
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算