从自定义表单将数据插入 Wordpress 数据库表
Posted
技术标签:
【中文标题】从自定义表单将数据插入 Wordpress 数据库表【英文标题】:Insert data into Wordpress database table from a custom form 【发布时间】:2014-12-22 07:33:12 【问题描述】:我正在尝试通过创建表将数据插入 Wordpress 数据库。我已经创建了表格,但是当我尝试从表单插入数据时,它不会插入数据。我检查了数据库连接是否有效,但插入没有发生。有人可以帮我吗?这是我的代码:-
<?php
require_once('/wp-config.php');
global $wpdb;
if(isset($_POST['submit']))
$wpdb->insert( 'wp_post_job', array( 'organizationname' =>
$_POST['organizationname'], 'post' => $_POST['post'], 'publishfrom' =>
$_POST['publishfrom'], 'publishupto' => $_POST['publishupto'],
'qualification1' => $_POST['qualification1'], 'qualification2' =>
$_POST['qualification2'], 'qualification3' => $_POST['qualification3'],
'qualification4' => $_POST['qualification4'], 'experience1' =>
$_POST['experience1'], 'experience2' => $_POST['experience2'],
'experience3' => $_POST['experience3'], 'training1' => $_POST['training1'], 'training2' => $_POST['training2'], 'training3' => $_POST['training3'],
'training4' => $_POST['training4'], 'training5' => $_POST['training5'] ),
array( '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s', '$s' ) );
?>
<?php
/*
Template Name: Form
*/
?>
<?php global $pc_theme_object; /* Reference theme framework class */ ?>
<?php get_header(); ?>
<form action="" id="postjob" method="post">
<table>
<tr>
<td><label for="organizationname">Organization Name:</label></td>
<td><input type="text" name="organizationname" id="organizationname" value="/></td>
</tr>
<tr>
<td><label for="post">Post:</label></td>
<td><input type="text" name="post" id="post" value="" /></td>
</tr>
<tr>
<td><label for="publishfrom">Publish From:</label></td>
<td><input type="text" name="publishfrom" id="publishfrom" /></td>
</tr>
<tr>
<td><label for="publishupto">Publish Upto:</label></td>
<td><input type="text" name="publishupto" id="publishupto" /></td>
</tr>
<tr>
<td><label for="qualification">Qualification:</label></td>
<td><input type="text" name="qualification1" id="qualification1" /></td>
<td><input type="text" name="qualification2" id="qualification2" /></td>
<td><input type="text" name="qualification3" id="qualification3" /></td>
<td><input type="text" name="qualification4" id="qualification4" /></td>
</tr>
<tr>
<td><label for="experience">Experience:</label></td>
<td><input type="text" name="experience1" id="experience1"/></td>
<td><input type="text" name="experience2" id="experience2"/></td>
<td><input type="text" name="experience3" id="experience3"/></td>
</tr>
<tr>
<td><label for="training">Training:</label></td>
<td><input type="text" name="training1" id="training1" />></td>
<td><input type="text" name="training2" id="training2" /></td>
<td><input type="text" name="training3" id="training3" /></td>
<td><input type="text" name="training4" id="training4" /></td>
<td><input type="text" name="training5" id="training5" /></td>
</tr>
<tr>
<td><button type="submit" name="submit">Submit</button></td>
</tr>
</table>
</form>
<?php get_footer(); ?>
【问题讨论】:
【参考方案1】:将“$s”替换为“%s”
使用此代码
if ( isset( $_POST['submit'] ) )
global $wpdb;
$tablename = $wpdb->prefix.'post_job';
$wpdb->insert( $tablename, array(
'organizationname' => $_POST['organizationname'],
'post' => $_POST['post'],
'publishfrom' => $_POST['publishfrom'],
'publishupto' => $_POST['publishupto'],
'qualification1' => $_POST['qualification1'],
'qualification2' => $_POST['qualification2'],
'qualification3' => $_POST['qualification3'],
'qualification4' => $_POST['qualification4'],
'experience1' => $_POST['experience1'],
'experience2' => $_POST['experience2'],
'experience3' => $_POST['experience3'],
'training1' => $_POST['training1'],
'training2' => $_POST['training2'],
'training3' => $_POST['training3'],
'training4' => $_POST['training4'],
'training5' => $_POST['training5'] ),
array( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )
);
【讨论】:
Wordpress 法典中提到了格式参数“如果省略,$data
中的所有值都将被视为字符串,除非在 wpdb::$field_types
中另有说明”。在这种情况下,这似乎是明智的做法。 codex.wordpress.org/Class_Reference/wpdb#INSERT_row【参考方案2】:
你可以用这个
<?php
if ( isset( $_POST['submit'] ) )
global $wpdb;
$tablename=$wpdb->prefix.'post_job';
$data=array(
'organizationname' => $_POST['organizationname'],
'post' => $_POST['post'],
'publishfrom' => $_POST['publishfrom'],
'publishupto' => $_POST['publishupto'],
'qualification1' => $_POST['qualification1'],
'qualification2' => $_POST['qualification2'],
'qualification3' => $_POST['qualification3'],
'qualification4' => $_POST['qualification4'],
'experience1' => $_POST['experience1'],
'experience2' => $_POST['experience2'],
'experience3' => $_POST['experience3'],
'training1' => $_POST['training1'],
'training2' => $_POST['training2'],
'training3' => $_POST['training3'],
'training4' => $_POST['training4'],
'training5' => $_POST['training5'] );
$wpdb->insert( $tablename, $data);
?>
【讨论】:
很高兴您的代码可以正常工作。不过,我没有看到任何可以清理您的输入的内容。鉴于您使用 $_POST 变量进行直接提交,因此您可能希望考虑清理,否则安全风险相当高。【参考方案3】:每个人都给出了正确的答案。但还有更多。如果您想要更高的安全性,那么最好使用 WordPress pdo 来更好地防御 SQL 攻击。
global $wpdb;
$table_name = $wpdb->prefix."table_name_after_the_prefix";
$sql = $wpdb->prepare( "INSERT INTO ".$table_name." (name, email, contact ) VALUES ( %s, %s, %d )", $name, $email, $contact );
$wpdb->query($sql);
// get the inserted record id.
$id = $wpdb->insert_id;
参考文献
https://developer.wordpress.org/reference/classes/wpdb/#protect-queries-against-sql-injection-attacks
【讨论】:
以上是关于从自定义表单将数据插入 Wordpress 数据库表的主要内容,如果未能解决你的问题,请参考以下文章