duansha7453 2014-09-13 16:53

Creating a form and storing the data in a database

I am creating a simple form that accepts input from the user and stores that data in a database, but I am getting the following error. I've tried many solutions, but not a single one works! Please help me.

Here's my code, club.php:

<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" type="text/css" href="clubcs.css">
<title>Friends Club Registration</title>
</head>
<body>
<form action="insert.php" method="post">
<div style="text-align:center;">
<img src="logo.jpg" alt="img" height="200">
</div>
<div class="segment_header" style="width:auto;text-align:Left;">
   <h1 style="font-size:23px;">New Member Registration</h1>
</div>
<div class="text_field">
<p>First Name:<input type="text" name="first"></p>
<p>Last Name:<input type="text" name="last"></p>
<p>Address:<input type="text" name="addr"></p>
<p>City:<input type="text" name="city"></p>
<p>Contact no.:<input type="text" name="contact"></p>
<p><input type="submit"></p>
</div>
</form>
</body>
</html>

and insert.php

<?php
$con=mysqli_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"clubinfo");
$first=mysqli_real_escape_string($con,isset($_POST['first']));
$last=mysqli_real_escape_string($con,isset($_POST['last']));
$addr=mysqli_real_escape_string($con,isset($_POST['addr']));
$city=mysqli_real_escape_string($con,isset($_POST['city']));
$contact= mysqli_real_escape_string($con,isset($_POST['contact']));
$sql1="INSERT INTO clubdata (FirstName, LastName, Address, City, Contact no.)
VALUES ('$first', '$last', '$addr', '$city', '$contact')";
if (!mysqli_query($con,$sql1))
{
die('Error: ' . mysqli_error($con));
}
echo "You have successfully registered with us!";
mysqli_close($con);
?>

2 answers

  • dsen53898 2014-09-13 16:55

    The error (unshown in your question) is based on this Contact no. being your column.

    First, it contains a space and a period. If that is your actual column name, you should consider renaming it to Contact_no or use backticks around it.

    I.e.:

    `Contact no.`
    

    or remove the period and rename it (in your DB as well) to:

    `Contact no`
    

    change to

    (FirstName, LastName, Address, City, `Contact no.`)
    

    or remove the period and rename it in DB to Contact no

    (FirstName, LastName, Address, City, `Contact no`)
    

    or rename it in your DB to Contact_no with an underscore

    (FirstName, LastName, Address, City, Contact_no)
    

    Using that type of naming convention is not considered good practice. MySQL will complain about it.


    For more information on table/column identifiers, visit the MySQL.com website:


    Also, remove all the isset from your variables.

    $first=mysqli_real_escape_string($con,$_POST['first']);
    

    etc.

    You may also be injecting characters that MySQL does not agree with: apostrophes, slashes, etc. Using only mysqli_real_escape_string is not sufficient. Add stripslashes().

    I.e.:

    $first=stripslashes($_POST['first']);
    $first=mysqli_real_escape_string($con,$first);
    

    etc.

    Using prepared statements would be easier to use.

    This answer was selected by the asker as the best answer.
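The prepared-statement approach the accepted answer mentions, applied to the question's insert.php, as an added example that is not part of either post. It assumes the clubinfo database, the clubdata table and the `Contact no.` column exactly as named in the question, and the same local connection settings.

```php
<?php
// Added example, not the asker's or the answerer's code.
// Assumes the clubinfo database and clubdata table from the question, with the
// last column still named `Contact no.` (hence the backticks in the query).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$fields = ['first', 'last', 'addr', 'city', 'contact'];
$values = [];
foreach ($fields as $name) {
    // Read the submitted value itself; isset() alone only yields true/false.
    $value = isset($_POST[$name]) && is_string($_POST[$name]) ? trim($_POST[$name]) : '';
    if ($value === '') {
        http_response_code(400);
        exit('Missing field: ' . $name); // $name comes from the fixed list above
    }
    $values[] = $value;
}

try {
    // Connection settings as in the question (local development defaults).
    $con = new mysqli('localhost', 'root', '', 'clubinfo');
    $con->set_charset('utf8mb4');

    // Placeholders keep user input out of the SQL text, so apostrophes and
    // slashes in a name or address need no manual escaping.
    $stmt = $con->prepare(
        'INSERT INTO clubdata (FirstName, LastName, Address, City, `Contact no.`)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', ...$values); // five string parameters
    $stmt->execute();
    $stmt->close();
    $con->close();
    echo 'You have successfully registered with us!';
} catch (mysqli_sql_exception $e) {
    // Keep the database error in the server log, not in the response.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Registration failed.';
}
```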