从HTML表单将数据插入到SQL表中

时间:2022-02-08 03:45:38

A HTML form has been created that should (when filled) send the data it's holding to a database inserting a new row so it can be used later on. However, I can't seem to get it to work, I'm getting the following error:

已经创建了一个HTML表单,该表单应该(在填充的时候)将它所保存的数据发送到数据库插入新行,以便以后可以使用它。然而,我似乎无法让它发挥作用,我得到了以下错误:

Notice: Use of undefined constant con - assumed 'con' in C:\xampp\htdocs\form\insert.php on line 4

注意:在C:\xampp\htdocs\表单插入中使用未定义的常量con -假设的“con”。php在4号线

Warning: mysql_query() expects parameter 1 to be string, object given in C:\xampp\htdocs\form\insert.php on line 17
Data not inserted

警告:mysql_query()期望参数1是字符串,对象用C:\xampp\htdocs\form\insert。第17行没有插入php数据


HTML Code

<!DOCTYPE html>
<html>
    <head>    
        <title>Form linked to database</title>
    </head>
    <body>
        <form action="insert.php" method="post">
            Name: <input type="text" name="username">
            <br>
            Email: <input type="text" name="email">
            <br>
            <input type="submit" value="insert">
        </form>
    </body>
</html>

PHP Code

<?php
$con = mysqli_connect('localhost','[retracted]','[retracted]');

if(!con) {
    echo 'Not connected to server!';
}

if(!mysqli_select_db($con,'tutorial')) {
    echo 'Database not selected!';
}

$Name = $_POST['username'];
$Email = $_POST['email'];

$sql = "INSERT INTO person (Name,Email) VALUES ('$Name','$Email')";
if(!mysql_query($con,$sql)) {
    echo 'Data not inserted';
} else {
    echo 'Data inserted';
}
//header("refresh:2; url=form.html");
?>

I'm new to PHP and followed the following YouTube tutorial.

我是PHP新手,学习了下面的YouTube教程。

I'm also using XAMPP for this, on a localhost. Any help is appreciated. Thank you.

我还在本地主机上使用XAMPP。任何帮助都是感激。谢谢你!

5 个解决方案

#1


4  

You should change:

你应该改变:

if(!con){
    echo 'Not connected to server!';
}

to:

:

if(!$con){
    echo 'Not connected to server!';
}

as you're missing a dollar sign there.

因为你少了一个美元符号。

Additionally, you're using a mysql_ function here, on the mysqli_ object $con:

此外,您在这里使用mysql_函数,在mysqli_对象$con上:

if(!mysql_query($con,$sql))

Change this to

改变这

if(!mysqli_query($con,$sql))

SQL injection

SQL注入

As your query is vulnerable to SQL injection, then I'd like to recommend you take a look at using prepared statements, or using mysqli_real_escape_string()-- though, this comes with a few gotcha's: https://*.com/a/12118602/7374549

由于您的查询容易受到SQL注入的影响,所以我建议您看看如何使用准备好的语句,或者使用mysqli_real_escape_string()——不过,这里有一些问题:https://*.com/a/12118602/7374549

#2


2  

You have done two small mistakes ie

你犯了两个小错误

1) forgot to add $ before the variable name ie changes is

1)忘记在变量名称ie更改之前添加$

if(!$con){
        echo 'Not connected to server!';
    }

2) you are connected with mysqli_connect but you are trying to use mysql_query functions in it. so please change and use mysqli_query

2)您连接到mysqli_connect,但您试图在其中使用mysql_query函数。因此,请更改并使用mysqli_query

if(!mysqli_query($con,$sql)){ }

This is issue in your case. My suggestion is to use mysqli or PDO that is good practice.

这是你的问题。我的建议是使用mysqli或PDO,这是很好的实践。

#3


1  

You are not using the correct mySQL query function, you have used:

您没有使用正确的mySQL查询函数,您已经使用过:

mysql_query($con

mysql_query(反对美元

You should use:

你应该使用:

mysqli_query

mysqli_query

instead. Let me know if you still have issues.

代替。如果你还有什么问题,请告诉我。

#4


0  

Altough you have a lot of answers right now, I think none of those is the right one. I've written your code new, procedural as you did, but with prepared statements, so you're going to be save to SQL injections.

虽然你现在有很多答案,但我认为没有一个是正确的。我已经像您一样编写了新的、过程化的代码,但是使用了准备好的语句,所以您将保存到SQL注入中。

<?php
    $con = mysqli_connect('localhost','[retracted]','[retracted]');

    if(!$con){
        echo 'Not connected to server!';
    }

    if(!mysqli_select_db($con,'tutorial')){
        echo 'Database not selected!';
    }

    $Name = $_POST['username'];
    $Email = $_POST['email'];

   if ($stmt = mysqli_prepare($con, "INSERT INTO person (Name, Email) VALUES (?, ?"))) {
    mysqli_stmt_bind_param($stmt, "ss", $Name, $Email);
    mysqli_stmt_execute($stmt);
    echo "Data inserted";
   }
   else {
    echo "Error";
   }

mysqli_close($con);

    //header("refresh:2; url=form.html");
?>

I think it should work, if not let me know.

我认为如果不让我知道的话,它应该是有效的。

#5


-2  

Try this :

试试这个:

<?php

// Create connection
$conn = new mysqli("localhost", "username", "password", "databasename");
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO MyGuests (firstname, lastname, email)
VALUES ('test fname', 'test lname', 'test@example.com')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

#1


4  

You should change:

你应该改变:

if(!con){
    echo 'Not connected to server!';
}

to:

:

if(!$con){
    echo 'Not connected to server!';
}

as you're missing a dollar sign there.

因为你少了一个美元符号。

Additionally, you're using a mysql_ function here, on the mysqli_ object $con:

此外,您在这里使用mysql_函数,在mysqli_对象$con上:

if(!mysql_query($con,$sql))

Change this to

改变这

if(!mysqli_query($con,$sql))

SQL injection

SQL注入

As your query is vulnerable to SQL injection, then I'd like to recommend you take a look at using prepared statements, or using mysqli_real_escape_string()-- though, this comes with a few gotcha's: https://*.com/a/12118602/7374549

由于您的查询容易受到SQL注入的影响,所以我建议您看看如何使用准备好的语句,或者使用mysqli_real_escape_string()——不过,这里有一些问题:https://*.com/a/12118602/7374549

#2


2  

You have done two small mistakes ie

你犯了两个小错误

1) forgot to add $ before the variable name ie changes is

1)忘记在变量名称ie更改之前添加$

if(!$con){
        echo 'Not connected to server!';
    }

2) you are connected with mysqli_connect but you are trying to use mysql_query functions in it. so please change and use mysqli_query

2)您连接到mysqli_connect,但您试图在其中使用mysql_query函数。因此,请更改并使用mysqli_query

if(!mysqli_query($con,$sql)){ }

This is issue in your case. My suggestion is to use mysqli or PDO that is good practice.

这是你的问题。我的建议是使用mysqli或PDO,这是很好的实践。

#3


1  

You are not using the correct mySQL query function, you have used:

您没有使用正确的mySQL查询函数,您已经使用过:

mysql_query($con

mysql_query(反对美元

You should use:

你应该使用:

mysqli_query

mysqli_query

instead. Let me know if you still have issues.

代替。如果你还有什么问题,请告诉我。

#4


0  

Altough you have a lot of answers right now, I think none of those is the right one. I've written your code new, procedural as you did, but with prepared statements, so you're going to be save to SQL injections.

虽然你现在有很多答案,但我认为没有一个是正确的。我已经像您一样编写了新的、过程化的代码,但是使用了准备好的语句,所以您将保存到SQL注入中。

<?php
    $con = mysqli_connect('localhost','[retracted]','[retracted]');

    if(!$con){
        echo 'Not connected to server!';
    }

    if(!mysqli_select_db($con,'tutorial')){
        echo 'Database not selected!';
    }

    $Name = $_POST['username'];
    $Email = $_POST['email'];

   if ($stmt = mysqli_prepare($con, "INSERT INTO person (Name, Email) VALUES (?, ?"))) {
    mysqli_stmt_bind_param($stmt, "ss", $Name, $Email);
    mysqli_stmt_execute($stmt);
    echo "Data inserted";
   }
   else {
    echo "Error";
   }

mysqli_close($con);

    //header("refresh:2; url=form.html");
?>

I think it should work, if not let me know.

我认为如果不让我知道的话,它应该是有效的。

#5


-2  

Try this :

试试这个:

<?php

// Create connection
$conn = new mysqli("localhost", "username", "password", "databasename");
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO MyGuests (firstname, lastname, email)
VALUES ('test fname', 'test lname', 'test@example.com')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>