dongmeng1868
2017-04-10 08:44
浏览 12
已采纳

插入数据库不起作用

Hi Im working on a school project and i cant insert this into the database

What am I doring wrong? I dont have any error`s so I im stuck. Please help me. I do have a connection to the database. But the things I insert into the form do not show in to the databse.

$servername = "localhost";
$username = "root";
$password = "root123";
$dbname = "ToetsPro";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
    $query = "INSERT INTO `opleiding` (`id`,
                                   `opleiding`,
                                   `locatie`) 
              VALUES              (NULL,
                                   '".$_POST["opleiding"]."',
                                   '".$_POST["locatie"]."');";
    //echo $query; exit();                     
    $result = mysqli_query($conn, $query);

    $id = mysqli_insert_id($conn);

?>
<!DOCTYPE HTML> 

<form id="register" action="" method="post">
    <table>
        <tr>
            <td>Opleiding: </td>
            <td><input type="text" name="opleiding"></td>
        </tr>
        <tr>
            <td>Locatie: </td>
            <td><input type="text" name="locatie"></td>
        </tr>
        <tr>
            <td></td>
            <td><input type="submit" name="submit"></td>
        </tr>
    </table>
</form>

<a href="index.php">Terug naar de homepage</a>

图片转代码服务由CSDN问答提供 功能建议

您好我正在学校项目,我无法将其插入数据库 < p>我的错误是什么? 我没有任何错误,所以我卡住了。 请帮我。 我确实有数据库的连接。 但是我插入到表单中的内容不会显示在数据库中。

  $ servername =“localhost”; 
 $ username =“root”  ; 
 $ password =“root123”; 
 $ dbname =“ToetsPro”; 
 
 //创建连接
 $ conn = new mysqli($ servername,$ username,$ password,$ dbname); 
  //检查连接
if($ conn-&gt; connect_error){
 die(“连接失败:”。$ conn-&gt; connect_error); 
} 
 $ query =“INSERT INTO`opleiding`(`id  `,
`opleiding`,
`locatie`)
 VALUES(NULL,
'“。$ _ POST [”opleiding“]。”',
'“。$ _ POST [”locatie“]。”  ');“; 
 // echo $ query; 出口();  
 $ result = mysqli_query($ conn,$ query); 
 
 $ id = mysqli_insert_id($ conn); 
 
?&gt; 
&lt;!DOCTYPE HTML&gt;  
 
&lt; form id =“register”action =“”method =“post”&gt; 
&lt; table&gt; 
&lt; tr&gt; 
&lt; td&gt; Opleiding:&lt; / td&gt; 
&lt;  ; td&gt;&lt; input type =“text”name =“opleiding”&gt;&lt; / td&gt; 
&lt; / tr&gt; 
&lt; tr&gt; 
&lt; td&gt; Locatie:&lt; / td&gt; \  n&lt; td&gt;&lt; input type =“text”name =“locatie”&gt;&lt; / td&gt; 
&lt; / tr&gt; 
&lt; tr&gt; 
&lt; td&gt;&lt; / td&gt; \  n&lt; td&gt;&lt; input type =“submit”name =“submit”&gt;&lt; / td&gt; 
&lt; / tr&gt; 
&lt; / table&gt; 
&lt; / form&gt; 
 
&lt;  a href =“index.php”&gt; Terug naar de主页&lt; / a&gt; 
   
 
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • doucou19961205 2017-04-10 09:29
    已采纳

    What am I doring wrong? I dont have any error`s so I im stuck.

    well there are few things you doing wrong.

    one of the very first things I have noticed is that you are mixing up Object oriented style and Procedural style doing so might confuse you in the long run.

    here your db connection

    $conn = new mysqli($servername, $username, $password, $dbname);
    

    You using mysqli object oriented style

    Then here : $result = mysqli_query($conn, $query); You using procedural style. I suggest that you only stick with one style, in that way you can easily read,organize and maintain your code.

    two : You might be making an error with your insert statement, id then inserting a null on the ID that might be the problem, if your id is an auto_increment better not even include it within your query.

    three You are writing a dangerous code, that will harm your application in the long run. you are directly inject $_POST values in your query, that might dangerous and it leave your application wide open to sql injections

    You should learn to use prepared statements, with mysqli or PDO prepared statements.

    This is how your code should look :

    <?php
    $servername = "localhost";
    $username   = "root";
    $password   = "root123";
    $dbname     = "ToetsPro";
    
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    
    if (isset($_POST['submit'])) {
        //check and validate your inputs
    
        $opleiding = $_POST['opleiding'];
        $locatie   = $_POST['locatie'];
    
    
        $query = $conn->prepare("INSERT INTO `opleiding` (opleiding,locatie)VALUES(?,?)");
        $query->bind_param("ss", $opleiding, $locatie);
    
        if ($query->execute()) {
    
            echo "success";
            $id->insert_id;
        } else {
    
            echo "Error :" . $conn->error;
        }
    }
    
    ?>
    <!DOCTYPE HTML> 
    
    <form id="register" action="" method="post">
        <table>
            <tr>
                <td>Opleiding: </td>
                <td><input type="text" name="opleiding"></td>
            </tr>
            <tr>
                <td>Locatie: </td>
                <td><input type="text" name="locatie"></td>
            </tr>
            <tr>
                <td></td>
                <td><input type="submit" name="submit"></td>
            </tr>
        </table>
    </form>
    
    <a href="index.php">Terug naar de homepage</a>
    
    点赞 打赏 评论
  • dtef9322 2017-04-10 09:36

    I think first of all you should use mysqli_real_escape_string() for every variable data filtering then your query should like this way:

     $query = "INSERT INTO `opleiding` (`id`,`opleiding`,`locatie`) VALUES (NULL,'".$_POST['opleiding']."','".$_POST['locatie']."')";
    
    点赞 打赏 评论

相关推荐 更多相似问题