duanpo6079 2017-03-14 21:09
浏览 36

html提交sql数据条目

Im trying to input data to an sql database through a html submit button however I cant quite get it to work. I've looked at the other answers on here and I cant seem to get them to work either. I'm fairly certain that I have the column names are correct. where am I going wrong and are there any better ways of approaching this problem?

   <?php
   include('session.php');
   if(isset($_POST['addHomework'])){
    $link = mysqli_connect('host','user','userpw','database');         
    $class =  mysqli_real_escape_string($link,$_POST['classDropdown']);
    $dueDate = date('y-m-d', strtotime($_POST['dueDate']));
    $title =  mysqli_real_escape_string($link, $_POST['homeworkTitle']);
    mysqli_query($link, "INSERT INTO events ('title', 'duedate', `event_id`)  VALUES('$title', '$dueDate', '')");
}
?>

and this iis my html 

<head>
<link type="text/css" href="css/ui-lightness/jquery-ui-1.9.1.custom.min.css" rel="stylesheet" />
<script src="https://code.jquery.com/jquery-1.10.2.js"></script>
  <title>The Memory Bank</title>
  <meta name="description" content="website description" />
  <meta name="keywords" content="website keywords, website keywords" />
  <meta http-equiv="content-type" content="text/html; charset=windows-1252" />
  <link rel="stylesheet" type="text/css" href="style.css" title="style" />
</head>

<body>
  <div id="main">
    <div id="header">
      <div id="logo">
        <div id="logo_text">
          <h1>The Memory Bank</h1>
        </div>
      </div>
      <div id="menubar">
        <ul id="menu">
          <li ><a href="teacherWelcome.php">Home</a></li>
          <li><a href="student.php">Classes</a></li>
          <li class="selected"><a href="homework.php">Homework</a></li>
          <li><a href="parent.php">Feedback</a></li>
          <li><a href="HoD.php">Head of Department</a></li>
          <li><a href="logout.php">Log Out</a></li>
        </ul>
      </div>
    </div>
    <aside>
      <div id="site_content">


<h1>Welcome
        <?php 
        echo $row['username'];
        ?>
        </h1>
    <form name ="addHomework" method="POST" action="homework.php">
       <p>Enter in a title for your homework:<br/>
       <input type="text" name ="homeworkTitle" value="" maxlength="45"></P>
       <p>Enter a duedate for your homework:<br/>
       <input type="date" name ="dueDate"  value="" maxlength="45"></P>
       <p>Select a Class:<br/>
        <select name="classDropdown">
            <?php
            include ('classlist.php');
                $classlist = new Classlist ();
                echo $classlist -> show();
            ?>
        </select>
        <p><input type="submit" name="commit" id="commit" value="Add Homework"/></p>
       </form>

      </div>
</aside>
</script>
</div>
    </div>

    </div>
    <div id="footer">
    </div>
  </div>
</body>
</html>
  • 写回答

1条回答 默认 最新

  • dongzha5934 2017-03-14 21:22
    关注

    First, some warnings:

    Little Bobby says your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe! Don't believe it?

    $_POST['addHomework'] will never be set, because form names are not sent in the POST array. Therefore you never run your query. Test isset($_POST['commit']) because that is the button you click when you try to update the database:

    if(isset($_POST['commit'])){
    // the rest of your code
    评论

报告相同问题?

悬赏问题

  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?