drzil26260 2014-10-05 11:33
浏览 84
已采纳

PHP将数据从表单输入到SQL数据库中

Hello I wish to input some data from a HTML form in my website into a SQL database. Here is my database so far.

  • 写回答

1条回答 默认 最新

  • duan3601 2014-10-05 11:51
    关注

    You could easily just call the addNewUser() function passing the required parameters as:

    addNewUser($connect,$username,$password,$dbtable);
    

    A better usage example would be to first check that the form has been already submitted to prevent any direct access or empty records and PHP warnings by checking that form fields have been submitted, ie.

    if(isset($_POST["username"]) && isset($_POST["password"]))
    {
        $username=$_POST['username'];
        $password=$_POST["password"];
    
        addNewUser($connect,$username,$password,$dbtable);
     }
    

    Other than that this seems to be a very basic example and also a bad practise on how to implement a new insert in the database so be sure not to use any of this in a production environment. IE:

    • No input filtering.
    • Trying to "imitate" an Auto Increment field for the user
    • Vulnerable to SQL injection and even prone to fail by accident if say a user tries to register with a username or password that contains a quote
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 Linux上make出现错误不知道怎么解决
  • ¥15 prism提示我reinstall prism 如何解决
  • ¥15 asp.core 权限控制怎么做,需要控制到每个方法
  • ¥20 while循环中OLED显示中断中的数据不正确
  • ¥15 这个视频里的stm32f4代码是怎么写的
  • ¥15 JNA调用DLL报堆栈溢出错误(0xC00000FD)
  • ¥15 请教SGeMs软件的使用
  • ¥15 自己用vb.net编写了一个dll文件,如何只给授权的用户使用这个dll文件进行打包编译,未授权用户不能进行打包编译操作?
  • ¥50 深度学习运行代码直接中断
  • ¥20 需要完整的共散射点成像代码