dqqyp90576 2015-02-18 08:45
浏览 45

我正在尝试插入SQL查询,但没有插入数据库

I'm trying to do simple script with PHP and insert some data, but nothing happens! I knew that I missed something but what is it?

This my code:

<?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="dddd";

$con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

//====== Get Variable======= //
$name = $_POST['name'];
$email=$_POST['email'];
$rate=$_POST['select_style'];
$content=$_POST['content'];

$insert="insert into reviews (name,email,rate,content) values ('$name','$email','$rate','$content')";

//====== Get Variable======= //
if($_POST['submit-comment'])  {
if($name && $email && $content == true) {

mysqli_query($con,$insert);
$success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
}
else {

$error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";

}
}
mysqli_close($con);
?>

And this it the form and the "action" ..

                        <form method="post" action="" id="form-contact" class="clearfix">
                        <div id="form-left">
                            <label for="text-name">Name *</label><br />
                            <input type="text" name="name" class="input" id="text-name" /><br />
                            <label for="text-email">From *</label><br />
                            <input type="text" name="email" class="input" id="text-email" /><br />
                            <label for="text-phone">Rate us *</label><br />
                            <div class="select-style">
                            <select>
                            <option value="5.0">5.0</option>
                            <option value="4.5">4.5</option>
                            <option value="4.0">4.0</option>
                            <option value="3.5">3.5</option>
                            <option value="3.0">3.0</option>
                            <option value="2.5">2.5</option>
                            <option value="2.0">2.0</option>
                            <option value="2.0">2.0</option>
                            <option value="1.5">1.5</option>
                            <option value="1.0">1.0</option>
                            </select>
                            </div>
                        </div>
                        <div id="form-right">
                            <label for="text-comment">Review <span></span></label><br />
                            <textarea name="content" cols="10" rows="20" class="input textarea" id="text-comment"></textarea><br />
                            <input type="submit" name="submit-comment" class="button" value="Rate Us" />
                        </div>
                        <p id="text-contact">
                        <br><br><font color="#980303">Please Note *</font> Thate Your Reviews Will Not Published Untill We Check it and sure that the review don't contain Bad words or bad language, and be sure that we will publish all reviews and we accept criticism! 
                    </form>

So what I missed please?

  • 写回答

3条回答 默认 最新

  • 普通网友 2015-02-18 08:51
    关注

    Note:

    • Put your insert query and passed on variables (POST) inside your if statement isset(POST["submit-comment"] to eliminate errors of undefined variables.

    • You should use mysqli_* prepared statement instead to prevent SQL injections.

    Answer:

    If you insist on retaining your code, you can use mysqli_real_escape_string() function to fertilize a bit the content of your variables before using it in your query.

    Your PHP file should look like this:

    <?php
$host= "localhost";
$user="root";
$pass="freedoom19";
$db="cookindoor";

$con = mysqli_connect($host,$user,$pass,$db) or mysql_error();

//====== IF SUBMIT-COMMENT ======= //
if(isset($_POST['submit-comment']))  {
  if(!empty($_POST["name"]) && !empty($_POST["email"]) && !empty($_POST["content"])) {

    //====== GET VARIABLES ======= //
    $name = mysqli_real_escape_string($con,$_POST['name']);
    $email = mysqli_real_escape_string($con,$_POST['email']);
    $rate = mysqli_real_escape_string($con,$_POST['select_style']);
    $content = mysqli_real_escape_string($con,$_POST['content']);

    $insert="INSERT INTO reviews (name,email,rate,content) VALUES ('$name','$email','$rate','$content')";

    mysqli_query($con,$insert);
    $success = "<span class='success_testmonial'>Thank You! .. Your Raiting Has Been Submitted And We Will Post It As Soon We Verify It !</span>";
  }

  else {
    $error = "<span class='error_testmonial'>Error : one or some fields has left empty .. Please fill all field and try again.</span>";
  }
}
mysqli_close($con);
?>

    Recommendation:

    But if you execute it in mysqli_* prepared statement, your insert query would look like this. Though this is just a simple example but still executable:

    if($stmt = $con->prepare("INSERT INTO reviews (name, email, rate, content) VALUES (?,?,?,?)")){ /* CHECK THE QUERY */
  $stmt->bind_param('ssss', $_POST["name"], $_POST["email"], $_POST["rate"], $_POST["content"]); /* BIND VARIABLES TO YOUR QUERY */
  $stmt->execute(); /* EXECUTE YOUR QUERY */
  $stmt->close(); /* CLOSE YOUR QUERY */
}
    评论

报告相同问题?

悬赏问题

  • ¥15 求帮我调试一下freefem代码
  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图