dream8877
2013-03-26 05:17
浏览 63
已采纳

尝试将表单数据添加到MYSQL数据库中

I currently have an HTML form with various feilds one for example is :

Please Enter First Name: <input type ="text" name="First_Name" /> <br />

I am trying to get the information from this form into my database. But it does not seem input anything into the database. Code is as follows.

<?php

$dbname='ecig';
$dbhost='localhost';
$dbpass='password';
$dbuser='eciguser';


$dbhandle = mysql_connect($dbhost, $dbuser, $dbpass)
  or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";


//select a database to work with
$selected = mysql_select_db("ecig",$dbhandle)
  or die("Could not select examples");



$res=mysql_query("INSERT INTO Persons (First_Name, Second_Name) VALUES('$_POST[First_Name]', yes)");
mysql_close();

if (array_key_exists ('check_submit', $_POST )) 

echo "Your Name is : {$_POST['First_Name']}<br />";
echo "Your Second Name is : {$_POST['Second_Name']}<br />";
echo "Your Email Address is : {$_POST['Email_Address']}<br />";
echo "Your Password Is : {$_POST['Password']}<br />";

?>

The question is as this is having no impact on my database, is there something i am missing and need to add to my SQL code so that the php and the SQL interact with each other and input the data?

Or am i missing something from the INSERT INTO statement?

Anyway help would be appreciated, Thanks.

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dougang5088 2013-03-26 05:23
    已采纳

    There's an error in your query, 'yes' at the end must have quotes.

    Try running your query first directly against MySQL to determine if your syntax is correctly, then just replace the values you want.

    Should look like this for your example:

    $res=mysql_query("INSERT INTO Persons (First_Name, Second_Name) VALUES ('$_POST[First_Name]', 'yes')");
    

    A bit of advice, sanitize your input if you are receiving data from the user, or you will be vulnerable to a SQL injection attack.

    And use mysqli_ functions since mysql_ functions are officially deprecated by now. You can read more about those in almost any site, like w3schools.com

    Full example of insert with mysqli_ : http://www.w3schools.com/php/php_mysql_insert.asp

    Good luck

    已采纳该答案
    评论
    解决 无用
    打赏 举报
  • duanlinjian5819 2013-03-26 05:24

    Use mysql_real_escape_string()

    $res=mysql_query("INSERT INTO Persons (First_Name, Second_Name) VALUES ('".mysql_real_escape_string($_POST['First_Name'])."', '".mysql_real_escape_string($_POST[Second_Name])."')");
    
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题