如何使用我自己的脚本使用 php 和 sql 从表单中插入值?
Posted
技术标签:
【中文标题】如何使用我自己的脚本使用 php 和 sql 从表单中插入值?【英文标题】:How do I insert values from a form using php and sql using my own script? 【发布时间】:2019-02-27 21:07:09 【问题描述】:第一次使用php的用户和初学者,
如何使用 php 和 sql 从表单中插入值。
我使用 php 和 sql 创建了以下代码。 这是我的表格。
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "datab";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error)
die("Connection failed: " . $conn->connect_error);
// prepare and bind with form attached.
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
?>
<form action="/t.php" method="post">
First name:
<input type="text" name="firstname">
<br> Last Name:
<input type="text" name="lastname">
<br>Email:
<input type="text" name="email">
<input type="submit" value="Submit">
</form>
<?php
// set parameters and execute
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$stmt->execute();
$stmt->close();
$conn->close();
?>
t.php 文件只是说条目已成功添加,即使那里没有任何逻辑,只是一个简单的回显注释。
我只是想知道如何使用php和sql的表单插入数据。
【问题讨论】:
【参考方案1】:<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "datab";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error)
die("Connection failed: " . $conn->connect_error);
?>
<form action="/t.php" method="post">
First name:
<input type="text" name="firstname">
<br> Last Name:
<input type="text" name="lastname">
<br>Email:
<input type="text" name="email">
<input type="submit" name="submit" value="Submit">
</form>
<?php
if(isset($_POST['submit']) && !empty($_POST['submit']))
// set parameters and execute
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
// prepare and bind with form attached.
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$stmt->execute();
$stmt->close();
$conn->close();
?>
【讨论】:
【参考方案2】:你可以这样做:
为防止重复,请将 db 连接保存在名为 db.php
的文件中。
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "datab";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error)
die("Connection failed: " . $conn->connect_error);
然后,将其包含在main.php
文件中。这是用prepared statement errors prevented 编写的main.php
文件。
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST')
try
# check if all the params are set
if (
!empty($_POST['firstname']) &&
!empty($_POST['lastname']) &&
!empty($_POST['email'])
)
$firstname = htmlspecialchars(trim($_POST['firstname']));
$lastname = htmlspecialchars(trim($_POST['lastname']));
$email = htmlspecialchars(trim($_POST['email']));
include_once 'db.php';
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
if (
$stmt &&
$stmt->bind_param("sss", $firstname, $lastname, $email) &&
$stmt -> execute()
)
echo "Yay! Inserted.";
else
throw new Exception("Error in MYSQLI Statement");
else
throw new Exception("Some data is not set");
catch (Exception $e)
die($e -> getMessage());
else ?>
<form action="" method="post">
First name:
<input type="text" name="firstname">
<br> Last Name:
<input type="text" name="lastname">
<br>Email:
<input type="text" name="email">
<input type="submit" value="Submit">
</form>
<?php ?>
在插入数据库之前,字符串应该是validated。这里我使用htmlspecialchars()
来防止XSS 和trim()
去除不必要的空格。
谢谢。
【讨论】:
我已经更改了代码,现在检查一下。我更改了form action=""
以提交到同一页面。并修复了 PHP 语法错误。
如果需要,您可以从另一个文件中包含它。提交到同一个文件时,可以轻松创建sticky forms。【参考方案3】:
表单动作会调用 t.php,但你没有它! 在同一个文件夹中创建两个文件:myHtml.html 和 t.php
myHtml.html
<html>
<form action="t.php" method="post">
First name:
<input type="text" name="firstname">
<br> Last Name:
<input type="text" name="lastname">
<br>Email:
<input type="text" name="email">
<input type="submit" value="Submit">
</form>
</html>
t.php
<?php
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "datab";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error)
die("Connection failed: " . $conn->connect_error);
// prepare and bind with form attached.
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
// set parameters and execute
$stmt->execute();
$stmt->close();
$conn->close();
【讨论】:
以上是关于如何使用我自己的脚本使用 php 和 sql 从表单中插入值?的主要内容,如果未能解决你的问题,请参考以下文章