duandao2306
duandao2306
2012-03-09 16:55
浏览 73
已采纳

为什么这个PHP脚本不会在MySQL数据库中插入表单数据?

On form submit, I'm getting a blank page (insert.php) with no error and no success message.

This is the form:

<form action="insert.php" method="post">
Firstname: <input type="text" name="first_name" id="first_name" />
Lastname: <input type="text" name="lastname" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>

This is the script:

mysql_select_db("my_db", $con);


$stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');

$stmt->execute(':first_name', $first_name);


if (!mysql_query($stmt,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>

图片转代码服务由CSDN问答提供 功能建议

在表单提交上,我收到一个没有错误且没有成功消息的空白页面(insert.php)。

这是表格:

 &lt; form action =“insert.php”method =“post”&gt; 
第一名:  &lt; input type =“text”name =“first_name”id =“first_name”/&gt; 
姓名:&lt; input type =“text”name =“lastname”/&gt; 
Age:&lt; input type =“text  “name =”age“/&gt; 
&lt; input type =”submit“/&gt; 
&lt; / form&gt; 
   
 
 

这是脚本:\ n

  mysql_select_db(“my_db”,$ con); 
 
 
 $ stmt = $ db-&gt; prepare('INSERT INTO my_table(first_name)VALUES(  :first_name)'); 
 
 $ stmt-&gt; execute(':first_name',$ first_name); 
 
 
if(!mysql_query($ stmt,$ con))
 {
 die(  '错误:'。mysql_error()); 
} 
echo“已添加1条记录”; 
 
mysql_close($ con)
?&gt; 
   
 
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • duankuangxie9070
    duankuangxie9070 2012-03-09 16:58
    已采纳

    You need to create a PDO object to be able to use prepared statements. Instead you have opened a connection with mysql_connect(). The two do not mix, and PDO is preferred between them as it is more easily secured through the use of prepared statements (among other reasons).

    From the PDO docs:

    // This establishes your connection using PDO.
    // The PDO connection object is $db
    
    /* Connect to an ODBC database using driver invocation */
    $dsn = 'mysql:dbname=testdb;host=127.0.0.1';
    $user = 'dbuser';
    $password = 'dbpass';
    
    try {
        $db = new PDO($dsn, $user, $password);
    } catch (PDOException $e) {
        echo 'Connection failed: ' . $e->getMessage();
    }
    

    Pass an associative array to execute(), rather than a list of arguments representing your placeholders. The

    // Now that the PDO object is successfully created, prepare your statement
    $stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');
    
    // Arg to execute() should be an associative array
    $stmt->execute(array(':first_name' => $first_name));
    

    The following call to mysql_query() is unnecessary, as you have already executed the prepared statement with PDO.

    // Don't do this
    // mysql_select_db("my_db", $con);
    
    // Or this...
    //if (!mysql_query($stmt,$con))
    //{
    //  die('Error: ' . mysql_error());
    //}
    
    // Or this...
    // mysql_close($con)
    
    点赞 评论
  • du127953
    du127953 2012-03-09 16:59

    Youre trying to use 2 different MySQL interfaces at the same time. The mysql_* family of functions use the ext/mysql extension... The prepared statement stuff is PDO. You need to choose one or the other. Since PDO is really the way to go ill give you an example with that:

    $db = new PDO($dsn, $user, $password);
    
    try {
       $stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');
       if($stmt->execute(array(':first_name' => $first_name))) {
          echo "1 record added";
       }
    
    } catch (PDOException $e) {
      die('Error: ' . $e->getMessage());
    
    }
    

    The docs on the Mysql DSN (the first argument to the PDO constructor) can be found here.

    点赞 评论

相关推荐