php表单不将表单数据写入mysql数据库

发布于 2024-12-09 11:59:49 字数 1511 浏览 0 评论 0原文

我必须在下面编写代码 - 更新的

php 代码

    if(empty($_POST['formEmail'])) 
    {
        $errorMessage .= "<li>You forgot to enter your email</li>";
    }

    $varEmail = $_POST['formEmail'];

    if(empty($errorMessage)) 
    {

        $db = mysql_connect("servername","username","password");
        if(!$db) die("Error connecting to MySQL database.");
        mysql_select_db("tableName" ,$db);



    $sql = "INSERT INTO emails(email) VALUES ('$varEmail')";

    mysql_query($sql);


echo "Details added";
$_SESSION['status'] = 'success';
 }

exit();


    }

function PrepSQL($value)
{
    // Stripslashes
    if(get_magic_quotes_gpc()) 
    {
        $value = stripslashes($value);
    }

    // Quote
    $value = "'" . mysql_real_escape_string($value) . "'";

    return($value);
}
?>

表单代码

    <?php
if(!empty($errorMessage)) 
{
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
    }
    ?>

<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<p>
<label for='formEmail'>Sign up to be notified when we go live!</label><br/>
<input type="text" name="formEmail" maxlength="50" value="<?=$varEmail;?>" />
</p>
<input type="submit" name="formSubmit" value="Submit" />
</form>

我没有收到任何错误，据我所知，语法看起来不错，但它没有将电子邮件信息放入数据库中。有人知道发生了什么事吗？作为旁注，我是所有 php 的新手。

原文

I have to code below - updated

php code

    if(empty($_POST['formEmail'])) 
    {
        $errorMessage .= "<li>You forgot to enter your email</li>";
    }

    $varEmail = $_POST['formEmail'];

    if(empty($errorMessage)) 
    {

        $db = mysql_connect("servername","username","password");
        if(!$db) die("Error connecting to MySQL database.");
        mysql_select_db("tableName" ,$db);



    $sql = "INSERT INTO emails(email) VALUES ('$varEmail')";

    mysql_query($sql);


echo "Details added";
$_SESSION['status'] = 'success';
 }

exit();


    }

function PrepSQL($value)
{
    // Stripslashes
    if(get_magic_quotes_gpc()) 
    {
        $value = stripslashes($value);
    }

    // Quote
    $value = "'" . mysql_real_escape_string($value) . "'";

    return($value);
}
?>

form code

    <?php
if(!empty($errorMessage)) 
{
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
    }
    ?>

<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<p>
<label for='formEmail'>Sign up to be notified when we go live!</label><br/>
<input type="text" name="formEmail" maxlength="50" value="<?=$varEmail;?>" />
</p>
<input type="submit" name="formSubmit" value="Submit" />
</form>

I'm not getting any errors and as far as I can tell the syntax looks fine but its not putting the email information into the database. Anyone have an idea of whats going on? As a side note I am a newb to all php.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

梦幻的心爱 2024-12-16 11:59:49

您忘记运行查询！放在

mysql_query($sql);

直接

$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";

后面确保您也通过 mysql_real_escape_string 运行 $_POST 变量：

$varEmail = mysql_real_escape_string($_POST['formEmail']);

这将有助于保护您免受 SQL 注入攻击。

编辑

还有一件小事，我想您想在表单成功提交时设置会话变量success。为此，您需要

echo "Details added";
$_SESSION['status'] = 'success';

在运行 SQL 查询时在相同的 if 结构中移动，否则它将永远不会被设置

You've forgotten to run the query! Put

mysql_query($sql);

straight after

$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";

Make sure you run the $_POST variable through mysql_real_escape_string as well:

$varEmail = mysql_real_escape_string($_POST['formEmail']);

This will help protect you from SQL Injection attacks.

EDIT

One more tiny thing, I guess you want to set the session variable success when the form has submitted successfully. to do that you'll need to move

echo "Details added";
$_SESSION['status'] = 'success';

within the same if structure as the SQL query is run, otherwise it will never be set

回复收藏 0 原文

如日中天 2024-12-16 11:59:49

尝试：

    $db = mysql_connect("servername","username","password");
    if(!$db) die("Error connecting to MySQL database.");
    mysql_select_db("tableName" ,$db);


    $sql = sprintf("INSERT INTO emails(email) VALUES ('%s')",mysql_real_escape_string($varEmail));
    $results = mysql_query($sql);

Try:

    $db = mysql_connect("servername","username","password");
    if(!$db) die("Error connecting to MySQL database.");
    mysql_select_db("tableName" ,$db);


    $sql = sprintf("INSERT INTO emails(email) VALUES ('%s')",mysql_real_escape_string($varEmail));
    $results = mysql_query($sql);

回复收藏 0 原文

~没有更多了~