douduanque5850
2015-08-11 08:59
浏览 23
已采纳

尝试使用注册表单中的PHP / Html将数据输入到SQL表中

I've tried so many different things and did many searches with no solution. I am trying to use an html form to submit data to a sql table.

Here is the code for my register.php file.

$con = mysqli_connect("localhost", "database_name", "password" "database_user");

if($con === false) {
    die("ERROR Could not Connect." . mysqli_connect_error());
}
$lasty= mysqli_real_escape_string($_POST['laz']);
$namez=mysqli_real_escape_string($_POST['namer']);
$emailAddr=mysqli_real_escape_string($_POST['emaila']);
$userName=mysqli_real_escape_string($_POST['usrn']);
$passwo=mysqli_real_escape_string($_POST['passw']);

$sqql = "INSERT INTO 'database_name' . table' (UserID, FirstName, LastName,   Email, UserName, Password) 
        VALUES (NULL, '$namez', '$lasty', '$emailAddr', '$userName', '$passwo')";


if (mysqli_query($con, $sqql)) {
    echo "Successfull";
} else {
    echo "Did not work!" . $con->error;
}

mysqli_close($con);

My HTML file is:

<form action="register.php" method="POST">
    First Name: <input type="text" name="namer"  placeholder="First Name"/> <br>
    Last Name: <input type='text' name='laz' /> <br>
    Email Address: <input type='text' name='emaila' /> <br>
    UserName: <input type='text' name='usrn' />
    Password: <input type='password' name='passw' />
    <input type='submit' id='button' value='Submit' name='login' />

</form>

I apologize in advance for the weirdly named variables, I was afraid that the other files would interrupt what I was trying to do here.

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • doule0941 2015-08-11 09:02
    已采纳
    $con = mysqli_connect("localhost", "database_name", "password" "database_user"); //open connection
    
    if (mysqli_connect_errno()) { //if connection failed
        die("Connect failed: ", mysqli_connect_error());
        exit();
    }
    
    $lasty      = mysqli_real_escape_string($con, $_POST['laz']); //added $con needs two parameter (connection, input)
    $namez      = mysqli_real_escape_string($con, $_POST['namer']);
    $emailAddr  = mysqli_real_escape_string($con, $_POST['emaila']);
    $UserName   = mysqli_real_escape_string($con, $_POST['usrn']);
    $password   = mysqli_real_escape_string($con, $_POST['passw']);
    
    
    
    $sqql = "INSERT INTO `table_name`(UserID, FirstName, LastName,   Email, UserName, Password) 
    VALUES (NULL, '$namez', '$lasty', '$emailAddr', '$userName', '$passwo')";
    
    
    if (mysqli_query($con, $sqql)) {
        echo "Row inserted";
    }else{
        die("Error: ". mysqli_sqlstate($con));
    }
    
    mysqli_close($con);
    
    已采纳该答案
    打赏 评论
  • drjv5597 2015-08-11 09:03

    mysqli_real_escape_string() need two parameter first one is your connection and other is your escapestring

    mysqli_real_escape_string(connection,escapestring);
    

    So add $con as first parameter into it

     mysqli_real_escape_string($con,$_POST['laz']);
    

    Also wrap off quotes from table name. Use backtick like

    INSERT INTO `database_name` . `table` 
    

    To check error in your page use

    ini_set('display_errors',1);
    ini_set('display_startup_errors',1);
    error_reporting(-1);
    

    And Prevent you query by sql injection

    打赏 评论