doulei2100 2019-07-14 15:15
浏览 141
已采纳

如何使用InsertInto在数据库中存储已清理的用户输入

I want to store some user's input variables into mysql. However, they are stored as :username and :password instead of the user's input.

$username = $_POST['username'];
$password = $_POST["password"];

$conn = new PDO("mysql:host=localhost;dbname=nome", "nome", "password");
$sql = "SELECT * FROM users";
$query = $conn->query($sql);
$result = $query->fetchAll(PDO::FETCH_ASSOC);

$sql = "SELECT * FROM users WHERE username = :username AND password = :password";
$stmt = $conn->prepare($sql);
$stmt->bindParam(":username", $_POST["username"]);
$stmt->bindParam(":password", $_POST["password"]);
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($result); 

if($username && $password){
    $sql = "INSERT INTO users (username, password) VALUES (':username', ':password')";    
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(":username", $_POST["username"]);
    $stmt->bindParam(":password", $_POST["password"]);
    $stmt->execute();
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
  }else{
    print "Dati non corretti";
};


<h1> Login Form </h1>
  <form action="?" method="post"> Name
    <input name="username"  value="" />


    Password
    <input name="password"  value=""/>

    <input type="submit" name="my_form_submit_button"
           value="Login" />

    </form>

When I check the phpMyAdmin table, the variables are stored as :username and :password. I would like to store them as the user's input. For example, if the user's username input is Mark, I would like to store it as Mark, instead of :username.

Thank you !

  • 写回答

1条回答 默认 最新

  • douxian4888 2019-07-14 15:47
    关注

    It's totally working now, save the following code as a php file and run it.

    I changed the following things.

    1. The INSERT sql's values ':username' to :username and same to ':password' to :password because the ' single quote converts inside to string and bindValue can skip it.
    2. Removed ? from <form action"?" to <form action"", It's defines the request page is itself.
    3. At php code, I added if($_POST) statement to check if any POST request exist before the instering values to database table.
    4. And last change is at the bindParam, I added PDO::PARAM_STR as a last variable to send fuction to define the values type.
    <?php


$conn = new PDO("mysql:host=localhost;dbname=nome", "nome", "password");
$sql = "SELECT * FROM users";
$query = $conn->query($sql);
$result = $query->fetchAll(PDO::FETCH_ASSOC);

var_dump($result);

if($_POST){
    $username = $_POST['username'];
    $password = $_POST["password"];

    $sql = "INSERT INTO users (username, password) VALUES (:username, :password)";    
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(":username", $_POST["username"], PDO::PARAM_STR);
    $stmt->bindParam(":password", $_POST["password"], PDO::PARAM_STR);
    $stmt->execute();
}




?>

<h1> Login Form </h1>
<form action="" method="post"> Name
<input name="username"  value="" />


Password
<input name="password"  value=""/>

<input type="submit" name="my_form_submit_button"
        value="Login" />

</form>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 机器学习能否像多层线性模型一样处理嵌套数据
  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效