doudao1950 2014-05-26 04:10
浏览 23
已采纳

mysql php中的空白条目

I am new to mysql php and I have been struggling to make this simple name entry form work but it has been failing on me by inserting blank entries. I have been looking arround the web for a while but nothing has been helpful.

This is my html form

    <form action="demo.php" method="post"> 
    name:<input type="text" name="input1">
    <br/>
    <input type="submit" value="submit">
    </form>

My php code

    <?php

    define('db_name', 'demo');
    define('db_user', 'root');
    define('db_password', 'password');
    define('db_host', 'localhost');

    $link = mysql_connect (db_host, db_user, db_password);

    if (!$link) {
       die('could not connect: '. mysql_error());
    }

    $db_selected = mysql_select_db(db_name, $link);

    if (!$db_selected) {
    die('can\'t use' . db_name . ': ' . mysql_error());
    }


    $value = $_post['input1'];

    $sql = "insert into demo (name) values ('$value')";

    if (!mysql_query($sql)) {
      die('Error: ' . mysql_error());
    }

    mysql_close();
    ?>

Mysql table

+-------+-------------+------+-----+---------+----------------+
| Field | Type        | Null | Key | Default | Extra          |
+-------+-------------+------+-----+---------+----------------+
| id    | int(11)     | NO   | PRI | NULL    | auto_increment |
| name  | varchar(30) | YES  |     | NULL    |                |
+-------+-------------+------+-----+---------+----------------+
  • 写回答

3条回答 默认 最新

  • duanji9264 2014-05-26 04:26
    关注

    I'm surprised you didn't see the big red-ish (pink?) warning on all the mysql_* functions in the PHP manual. To summarise...

    Warning This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.

    So, on that advice, I suggest you try mysqli.

    In regards to your specific problem, I'd say it's as Fred said in the comments, $_post should be $_POST. In PHP, variable names are case sensitive.

    You should also prepare an INSERT statement and use parameter binding to avoid SQL injection vulnerabilities.

    Here's an example to summarise...

    $link = new mysqli('localhost', 'root', 'password', 'demo');
if ($link->connect_errno) {
    throw new Exception($link->connect_error, $link->connect_errno);
}

// Check that the expected value has been provided via a POST request
if (!isset($_POST['input1'])) {
    throw new Exception('Missing POST request parameter [input1]');
}

// now prepare an INSERT statement
if (!$stmt = $link->prepare('INSERT INTO `demo` (`name`) VALUES (?)')) {
    throw new Exception($link->error, $link->errno);
}

// bind parameters
$stmt->bind_param('s', $_POST['input1']);

if (!$stmt->execute()) {
    throw new Exception($stmt->error, $stmt->errno);
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 下图接收小电路,谁知道原理
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测