PHP脚本未将表单数据插入数据库

Posted 2023-02-25

【中文标题】PHP脚本未将表单数据插入数据库

【英文标题】：PHP script not inserting form data to database

【发布时间】：2012-11-10 16:42:50

【问题描述】：

我在将表单数据插入数据库时​​遇到问题。我可以连接到数据库，因为它不会引发错误但没有插入任何信息。以下是我的代码，任何帮助将不胜感激。

<?php  
// string checking
function isValid($str) 
  if(!preg_match('/[^A-Za-z0-9.-]/', $str)) 
  return true;
   else 
    return false;
  



// Check for form submission
if(isset($_POST['submit']))

// Get the POST data
$agree = $_POST['agree'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$business = $_POST['business'];
$state = $_POST['state'];
$email = $_POST['email'];

// If the T&C box has been ticked
if($agree)

  // Validate the POST data
  $validationError = '';

    // Name Validation
    if($firstname == '')
      $validationError .= "Please enter your first name.\n";
     else 
      if(is_numeric($firstname))
        $validationError .= "The first name you have supplied cannot contain numbers.\n";
      
      if(strlen($firstname) > 50) 
        $validationError .= "The first name you have supplied must be less than 50 characters.\n";
      
      if(strlen($firstname) < 3) 
        $validationError .= "The first name you have supplied is too short.\n";
      
      if(isValid($firstname) == false )
        $validationError .= "The first name cannot contain special characters.\n";
  
    

if($surname == "")
      $validationError .= "Please enter your Surname.\n";
     else 
      if(is_numeric($surname))
        $validationError .= "The Surname you have supplied cannot contain numbers.\n";
      
      if(strlen($surname) > 50) 
        $validationError .= "The Surname you have supplied must be less than 50 characters.\n";
      
      if(strlen($surname) < 3) 
        $validationError .= "The Surname you have supplied is too short.\n";
      
      if(isValid($surname) == false )
        $validationError .= "The Surname cannot contain special characters.\n";
  
    


if($state == '')
      $validationError .= "Please select your state.\n";


    // Email validation

    // Function to validate email addresses, taken from here: http://www.linuxjournal.com/article/9585
    function check_email_address($email) 

      // Set up regular expression strings to evaluate the value of email variable against
      $regex1 = '/^[_a-z0-9-][^()<>@,;:\\"[] ]*@([a-z0-9-]+.)+[a-z]2,4$/i';

      // Run the preg_match function on regex 1
      if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) 
           return false;
       else 
          return true;      
       
    

    if($email != '')
      if(!check_email_address($email)) 
        $validationError .= "The email address does not appear to be correct, please try again.\n";
      
     else 
      $validationError .= "Please enter your email address.\n";
    

  //Start the mysql connection

  if($validationError == '')
    $link = mysql_connect('localhost', '--removed--', '--removed--');

    if (!$link) 
      $validationError .= "There was an error connecting to the database. Please contact us so that we can fix the problem.\n";
     else 

      // Select the db
      mysql_select_db("keyinv_seminar", $link);

      // Check for an existing entry under that email address
      $checkQuery = 'SELECT * FROM seminar WHERE email="' . mysql_real_escape_string($email) . '"';
      $result = mysql_query($checkQuery, $link);

      if (mysql_num_rows($result) != 0) 
        $validationError .= "There is already an entry in the competition, using that email address.\n";
       else 
        // There is no existing entry, update the db
        $insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" . mysql_real_escape_string($firstname) . "', '" . mysql_real_escape_string($surname) . "', '" . mysql_real_escape_string($business) . "', " . mysql_real_escape_string($state) . ", '" . mysql_real_escape_string($email) . "')";

        $result = mysql_query($insertQuery, $link);

      

      // Close the connection
      if($link)
        mysql_close($link);

        if($validationError == '')
          header('Location: thankyou.php');
        
      
    
  
 else 
  $validationError = "You must accept the Terms and Conditions \nin order to enter this contest.";


?>

【问题讨论】：

您应该尝试捕获 mysql 错误，而不仅仅是验证错误。请参阅 mysql_error() php 函数。

正如人们常说的那样，你不应该再使用 mysql_query 了，但我相信你输入的 mysql_real_escape_string($state) （在插入时）需要 ' 标记。 -- 查看 F4r-20 的帖子以获得更好的总结。

【参考方案1】：

查看您的 INSERT 查询..

$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" 
    . mysql_real_escape_string($firstname) . "', '" 
    . mysql_real_escape_string($surname) . "', '" 
    . mysql_real_escape_string($business) . "', " 
    . mysql_real_escape_string($state) . ", '" 
    . mysql_real_escape_string($email) . "')";

您错过了 $state 值周围的一些单引号。改成这样：

$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('"  
    . mysql_real_escape_string($firstname) . "', '" 
    . mysql_real_escape_string($surname) . "', '" 
    . mysql_real_escape_string($business) . "', '" 
    . mysql_real_escape_string($state) . "', '" 
    . mysql_real_escape_string($email) . "')";

【讨论】：

好吧，我们不知道它很有可能在这个脚本之后被回显。

你是救生员，非常感谢你的帮助。我应该知道让我的代码更具可读性。