it is connecting to the database but is not inserting values please help me with inserting the form values into the table registered `
它是连接到数据库但不插入值请帮我将表单值插入到注册的表中
if (isset($_POST["submit"])) {
$dbconnect = new mysqli('localhost','root','','tas');
if ($dbconnect) {
echo "connected to database";
}
else{
echo "did not connect";
}
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$cert = $_POST["certificate"];
$sex = $_POST["sex"];
$mobile = $_POST["mobile"];
$email = $_POST["email"];
$institution = $_POST["institution"];
$session = $_POST["session"];
$media = $_POST["media"];
$insert ="INSERT INTO registered(firstmame,lastname,certificatename,sex,mobile,email,institution,session,media)
VALUES ($fname,$lname,$cert,$sex,$mobile,$email,$institution,$session,$media)" ;
if (!$insert) {
echo "</br>error id not insert";
}
else{
echo"<br/> success";
}
}
?>`
2 个解决方案
#1
Your code is assigning a string value to a variable.
您的代码将字符串值赋给变量。
$query = "whatever";
That's not inserting anything to the database, because that string is never executed as SQL (sent to the database) by your code.
这不会向数据库插入任何内容,因为该字符串永远不会被代码执行为SQL(发送到数据库)。
To execute that on the database, you need to use a mysqli_ function, such as mysqli_query().
要在数据库上执行该操作,您需要使用mysqli_函数,例如mysqli_query()。
Please consider using prepared statements with bind placeholders.
请考虑使用带有绑定占位符的预准备语句。
Including potentially unsafe values into SQL text leads to SQL Injection vulnerabilities.
将可能不安全的值包含在SQL文本中会导致SQL注入漏洞。
NOTE: Character literals in SQL text need to be enclosed in single quotes.
注意:SQL文本中的字符文字需要用单引号括起来。
e.g. VALUES ('abc','def') not VALUES (abc,def).
例如VALUES('abc','def')不是VALUES(abc,def)。
FOLLOWUP
Here's an example of running an INSERT using a prepared statement with bind placeholders.
下面是使用带有绑定占位符的预准备语句运行INSERT的示例。
$sql = "INSERT INTO registered
( firstmame
, lastname
, certificatename
, sex
, mobile
, email
, institution
, session
, media
) VALUES
( ? , ? , ? , ? , ? , ? , ? , ? , ?)";
if ($stmt = mysqli_prepare($dbconnect, $sql)) {
mysqli_stmt_bind_param($stmt, 'sssssssss'
, $fname
, $lname
, $cert
, $sex
, $mobile
, $email
, $institution
, $session
, $media
);
mysqli_stmt_execute($stmt);
echo "affected rows = " . mysqli_stmt_affected_rows($stmt);
mysqli_stmt_close($stmt);
} else {
echo "error in prepare " . mysqli_error($dbconnect);
}
Reference: http://php.net/manual/en/mysqli.prepare.php
#2
You never execute your mysqli_query(). Please execute the query and provide more details.
你永远不会执行你的mysqli_query()。请执行查询并提供更多详细信息。
#1
Your code is assigning a string value to a variable.
您的代码将字符串值赋给变量。
$query = "whatever";
That's not inserting anything to the database, because that string is never executed as SQL (sent to the database) by your code.
这不会向数据库插入任何内容,因为该字符串永远不会被代码执行为SQL(发送到数据库)。
To execute that on the database, you need to use a mysqli_ function, such as mysqli_query().
要在数据库上执行该操作,您需要使用mysqli_函数,例如mysqli_query()。
Please consider using prepared statements with bind placeholders.
请考虑使用带有绑定占位符的预准备语句。
Including potentially unsafe values into SQL text leads to SQL Injection vulnerabilities.
将可能不安全的值包含在SQL文本中会导致SQL注入漏洞。
NOTE: Character literals in SQL text need to be enclosed in single quotes.
注意:SQL文本中的字符文字需要用单引号括起来。
e.g. VALUES ('abc','def') not VALUES (abc,def).
例如VALUES('abc','def')不是VALUES(abc,def)。
FOLLOWUP
Here's an example of running an INSERT using a prepared statement with bind placeholders.
下面是使用带有绑定占位符的预准备语句运行INSERT的示例。
$sql = "INSERT INTO registered
( firstmame
, lastname
, certificatename
, sex
, mobile
, email
, institution
, session
, media
) VALUES
( ? , ? , ? , ? , ? , ? , ? , ? , ?)";
if ($stmt = mysqli_prepare($dbconnect, $sql)) {
mysqli_stmt_bind_param($stmt, 'sssssssss'
, $fname
, $lname
, $cert
, $sex
, $mobile
, $email
, $institution
, $session
, $media
);
mysqli_stmt_execute($stmt);
echo "affected rows = " . mysqli_stmt_affected_rows($stmt);
mysqli_stmt_close($stmt);
} else {
echo "error in prepare " . mysqli_error($dbconnect);
}
Reference: http://php.net/manual/en/mysqli.prepare.php
#2
You never execute your mysqli_query(). Please execute the query and provide more details.
你永远不会执行你的mysqli_query()。请执行查询并提供更多详细信息。