drbmhd9583
2018-07-24 20:59
浏览 74
已采纳

HTML表单不通过PHP处理器将数据发布到MySQL数据库中

Context:

I'm working with the following stack: HTML/CSS, PHP, MySQL to build a web app that stores and retrieves data entered to a form.

Problem:

When I enter data into the form (the html part of index.php) locally it is not actually POSTing that data into the mysql database I have setup and is throwing an error saying there is an unknown column.

I think that the problem is in the inserting values part. If anyone has any idea as to why it's not posting I would love any help I can get. Thanks for your time!

Pics:

inspecting code locally AFTER inserting and submitting

Code:

index.php

<?php

include("dbconfig.php");

try {

  /* connect with credentials held in dbconfig file */
  $conn = new PDO("mysql:host=$server;dbname=$db", $user, $pass);

  $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  echo "Successfully Connected!";


  /* input sanitization */
  $title = htmlspecialchars($_POST['title']);
  $overview = htmlspecialchars($_POST['overview']);
  $threat_details = htmlspecialchars($_POST['threat_details']);
  $cust_name = htmlspecialchars($_POST['cust_name']);
  $fld_insight = htmlspecialchars($_POST['fld_insight']);
  $competitor = htmlspecialchars($_POST['competitor']);
  $id = htmlspecialchars($_POST['id']);
  $rev_damage = htmlspecialchars($_POST['rev_damage']);
  echo "data sanitized";

  /* submits data IF the submit button is pressed */
  if(isset($_POST['submit'])) {

      /* insert the values passed into the html form into mysql database */
    $sql = "INSERT INTO comp (title, overview, threat_details, cust_name, fld_insight, competitor, id, rev_damage) VALUES ('titleBinded', 'overviewBinded', 'threatDetailsBinded', 'customerNameBinded', 'fieldInsightBinded', 'competitorBinded', 'idBinded', 'revDamageBinded')";


    $sqlPrepared = $conn->prepare($sql);

    $sqlPrepared->bindParam(':titleBinded',$title);
    $sqlPrepared->bindParam(':overviewBinded',$overview); 
    $sqlPrepared->bindParam(':threatDetailsBinded',$threat_details);
    $sqlPrepared->bindParam(':customerNameBinded',$cust_name);
    $sqlPrepared->bindParam(':fieldInsightBinded',$fld_insight);
    $sqlPrepared->bindParam(':competitorBinded',$competitor);
    $sqlPrepared->bindParam(':idBinded',$id);
    $sqlPrepared->bindParam(':revDamageBinded',$rev_damage);


    $sqlPrepared->execute();
    echo "Successfully Inserted!";
  }


  /* commit the transaction */
  if (!$conn->commit()) {
    print("Commit failed
");
    exit();
  }


  /* close connection */
  $conn->close();

}
catch(PDOException $e) {

  echo "Connection failed: " . $e->getMessage();
}

?>


<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Raleway">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">


<div class="form-style-2-heading">Create New Competitor</div>


<style>
html,body,h1,h2,h3,h4,h5 {font-family: "Raleway", sans-serif}
</style>
<body class="blue">

</head>


<body>



<!-- Top container -->
<div class="w3-bar w3-top w3-blue w3-large" style="z-index:4">
  <span class="w3-bar-item w3-center">Create New Competitor</span>
</div>

<div class="w3-main" style="margin-left:300px;margin-top:43px;">



<!-- SUBMIT PAGE CONTENT TO DATABASE  -->
<form method="POST">

<label id="info">
<span>Opportunity Title<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="opti"></label>
<br>
<br>

<label id="info">
<span>Opportunity Overview<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="opov"></label>
<br>
<br>

<label id="info">
<span>Competitive Threat Details<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="compdet"></label>
<br>
<br>

<label id="info">
<span>Customer Name<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="custnme"></label>
<br>
<br>

<label id="info">
<span>Field Insight<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="fldinsght"></label>
<br>
<br>

<label id="info">
<span>Name of Company Competitor<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="cmpname"</label>
<br>
<br>

<label id="info">
<span>Enter Deal ID<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="id"</label>
<br>
<br>

<label id="info">
<span>Approx. Revenue Implications<span class="required">*</span></span>
<br>
<input type="text" class="input-field" name="rev"</label>
<br>
<br>

<b>Technologies/Domains Included</b>
<br>
<br>

<label id="container">Tech1
  <input type="checkbox" checked="checked">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Tech2
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Tech3
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Tech4
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Tech5
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Tech6
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Tech7
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>
<br>

<b>Geo/Theatre</b>
<br>
<br>

<label id="container">Geo1
  <input type="checkbox" checked="checked">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo2
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo3
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo4
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo5
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo6
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo7
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo8
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo9
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo10
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo11
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo12
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo13
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo14
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo15
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>

<label id="container">Geo16
  <input type="checkbox">
  <span class="checkmark"></span>
</label>
<br>
<br>

<label><span>&nbsp;</span><input type="submit" value="Submit" name="submit" /></label>

</form>
</div>
</html>

create.sql

drop database if exists comp;
create schema comp;
use comp;
create table comp (
    titleBinded VARCHAR(50),
    overviewBinded VARCHAR(255),
    threatDetailsBinded VARCHAR(255),
    customerNameBinded VARCHAR(30),
    fieldInsightBinded VARCHAR(255),
    competitorBinded VARCHAR(30),
    idBinded INT,
    revDamageBinded INT,
    PRIMARY KEY (idBinded)
);
create table technologies (
    name VARCHAR(225), 
    PRIMARY KEY (name)
);
create table geography (
    area VARCHAR(255),
    PRIMARY KEY (area)
);
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duanguai2781 2018-07-24 21:04
    已采纳

    Since your create table statement contains the column names, you have to use those in your query:

    create table comp (
        titleBinded VARCHAR(50),
        overviewBinded VARCHAR(255),
        threatDetailsBinded VARCHAR(255),
        customerNameBinded VARCHAR(30),
        fieldInsightBinded VARCHAR(255),
        competitorBinded VARCHAR(30),
        idBinded INT,
        revDamageBinded INT,
        PRIMARY KEY (idBinded)
    );
    

    The query should look like this:

    INSERT INTO comp (titleBinded, overviewBinded, threatDetailsBinded, customerNameBinded ...
    

    etc.

    Now, you have a : in your bind statements -

    $sqlPrepared->bindParam(':titleBinded',$title);
    $sqlPrepared->bindParam(':overviewBinded',$overview); 
    $sqlPrepared->bindParam(':threatDetailsBinded',$threat_details); ...
    

    etc.

    so you should use those in your query too, without quotes:

    VALUES (:titleBinded, :overviewBinded, :threatDetailsBinded, :customerNameBinded, :fieldInsightBinded, :competitorBinded, :idBinded, :revDamageBinded)
    

    Because you're binding your variables you can get rid of the lines where you use htmlspecialchars() as this does not sanitize your data, the binding in a prepared statement takes care of it.

    In a nutshell

    You have to have a form element with a name attribute. From there you can bind that variable when posted to use in the query:

    <input type="text" name="this_input_name" />
    

    If using the POST method the variable can be used in the bind like this:

    $sqlPrepared->bindParam(':thisBoundName', $_POST['this_input_name']);
    

    Your query would then look something like this:

    INSERT INTO `tablename` (`this_column_name`) VALUES (:thisBoundName)
    

    Take note of how the named input this_input_name is used to bind the parameter :thisBoundName and how the parameter is used as the value to be inserted in the column (created at the time the table is created).

    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题