duanhongyi2964
2014-03-16 15:20
浏览 40
已采纳

将php表单插入mysql数据库时如何修复错误

I'm trying to save data from a form into a mysql database. I can connect to the database but for some reason I can't get it to insert the data into the database. I have a feeling it might just be a syntax error I'm not seeing.

Any help would be much appreciated.

PHP

// Get values from form 
 $Nombre=$_POST['Nombre'];
 $Email=$_POST['Email'];
 $Telefono=$_POST['Telefono'];

// Insert data into mysql 
$sql="INSERT INTO $leads(Nombre, Email, Telefono)VALUES('$Nombre','$Email','$Telefono')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful". 
if($result){
echo "Successful";
echo "<BR>";
}

else {
echo "ERROR";
}

HTML

  <form action="leads.php" method="POST">
       <input placeholder="Nombre" type="text" name="Nombre" maxlength="40"/>
       <input placeholder="Email" type="text" name="Email" maxlength="100"/>
       <input placeholder="Teléfono" type="text" name="Telefono" maxlength="9" pattern=".{8,}"    required title="8 numeros mínimo"/>
       <button class="btn-cita" name="cita">Hacer Cita</button>
  </form>
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douna3367 2014-03-16 15:21
    已采纳

    Yes, you do. You are vulnerable to SQL injection attacks, and are using undefined variables in your query:

    $sql="INSERT INTO $leads(Nombre, Email, Telefono)VALUES('$Nombre','$Email','$Telefono')";
                      ^^^^^^---undefined
    

    Producing a query something like

    INSERT INTO (Nombre, etc...
    
    已采纳该答案
    打赏 评论

相关推荐 更多相似问题