dongrang9300 2018-01-02 20:59
浏览 272
已采纳

HTML表单数据到SQL数据库

Information

I made a PHP script that connects to my database and creates a record in my database. This works. Now, I added a simple form to this page and I want to make a record in my database based on the input that a user gives.

The PHP script without the form:

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "detachering";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau)
VALUES ('test', 'user', '20', '192', 'HBO')";

if ($conn->query($sql) === TRUE) {
    echo "Medewerker is aangemaakt";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

This is the form that I want to add to it:

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title></title>
  </head>
  <body>
      <form class="" action="index.html" method="post">
        <input type="text" name="voornaam" placeholder="Voornaam">
        <input type="text" name="achternaam" placeholder="Achternaam">
        <input type="text" name="leeftijd" placeholder="Leeftijd">
        <input type="text" name="uurloon" placeholder="Uurloon">
        <input type="text" name="opleidingsniveau" placeholder="Opleidingsniveau">
        <button type="submit" name="button">Save</button>
      </form>
  </body>
</html>

I personally think that it should be something like:

INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau)
VALUES ('POST_['voornaam']', 'POST_['achternaam']', 'POST_['leeftijd']', 'POST_['uurloon']', 'POST_['opleidingsniveau']');

I haven't done much in PHP, so any help is greatly appreciated!

  • 写回答

1条回答 默认 最新

  • douyaju4259 2018-01-02 21:17
    关注

    Use prepared statements for this. Unfortunately, with mysqli you'll have to use references and cannot just use the POST array directly.

    $stmt = $conn->prepare('INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau) VALUES(?, ?, ?, ?, ?)');
if ($stmt) {
    $voornaam = $_POST['voornaam'];
    $achternaam = $_POST['achternaam'];
    $leeftijd = $_POST['leeftijd']
    $uurloon = $_POST['uurloon'];
    $opleidingsniveau = $_POST['opleidingsniveau'];

    $stmt->bind_param('sssss', $voornaam, $achternaam, $leeftijd, $uurloon, $opleidingsniveau);
    $stmt->execute();
}

    edit: Since we are talking about it, here is the PDO example (with connection):

    try {
    $dsn = 'mysql:host=localhost;dbname=test';
    $pdo = new PDO($dsn, 'root', 'passwd');
    $pdo->exec('SET CHARACTER SET UTF8');
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

    $sql = "INSERT INTO medewerkers (voornaam, achternaam, leeftijd, uurloon, opleidingsniveau) VALUES(?, ?, ?, ?, ?)";
    $stmt = $pdo->prepare($sql);
    if ($stmt) {
        $params = [$_POST['voornaam'], $_POST['achternaam'], $_POST['leeftijd'], $_POST['uurloon'], $_POST['opleidingsniveau']];
        $stmt->execute($params);
    }

} catch(Exception $e) {
    echo $e->getMessage();
}

    Note that I'm creating a new array for the parameters since I'm not sure if there are more values in the POST.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 Pwm双极模式H桥驱动控制电机
  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题