如何使用PHP在数据库中存储表单输出?

时间:2020-12-26 22:15:13

I'm having some issues with some functions within PHP/HTML. I'm generally a VBA guy, so this is a bit odd to me. I'm trying to create a form that a user can fill in, and have the submit button either:

我在PHP/HTML中有一些问题。我通常是VBA男生,所以这对我来说有点奇怪。我正在尝试创建一个用户可以填写的表单,并有提交按钮:

  • Send the data to a SQL table to be called later, or
  • 将数据发送到稍后要调用的SQL表,或者
  • Send the data to a text or Excel file located on a shared drive or folder
  • 将数据发送到共享驱动器或文件夹上的文本或Excel文件

So far, this is the code I've managed to put together. I also have no clue if there is code in there that is completely useless.

到目前为止,这是我设法组合起来的代码。我也不知道里面是否有完全无用的代码。

<!DOCTYPE html>
<html>

<head>
    <style>
        .error {
            color: #FF0000;
        }
    </style>
</head>

<body>
<?php function test_input($data) { $data=t rim($data); $data=s tripslashes($data); $data=h tmlspecialchars($data); return $data; } ?>
<align left></align>
Name:</br>

<input type="text" select name="Name" placeholder="Name">
<br>
<br>

<input type="checkbox" name="Alergy" value="Alergy">Alergy
<input type="checkbox" name="Gluten" value="Gluten">Gluten Free</br>

</br>

<text>City</text>
</br>
<Align Center>
    <select name="City">
        <option value=""></option>
        <option value="Arvada">Arvada</option>
        <option value="Boulder">Boulder</option>
        <option value="Ft. Collins">Ft. Collins</option>
        <option value="Greeley">Greeley</option>
        <option value="Littleton">Littleton</option>
        <option value="Longmont">Longmont</option>
        <option value="Loveland">Loveland</option>
        <option value="Thornton">Thornton</option>
        <option value="Out of State">Out of State</option>
    </select>
    </br>
    <Text>Prefered Meal</Text>
    </br>
    <Align Center>
        <select name="Meal">
            <option value=""></option>
            <option value="Chicken">Chicken</option>
            <option value="Beef">Beef</option>
            <option value="Fish">Fish</option>
            <option value="vegetarian">vegetarian</option>

        </select>
        <Align Center>
            </br>
            <text></text>
            </br>

            <input type="checkbox" name="RSVP" value="RSVP">RSVP
            <br>
            </form>


            <input type="submit" value="Submit">
            </br>


            </form>
        </Align>
</body>

</html>

2 个解决方案

#1

1  

Stateless web applications are a different animal from desktop apps. Coming from a VBA background means you need to think about this differently.

无状态web应用程序与桌面应用程序不同。来自VBA的背景意味着你需要以不同的方式思考。

The submit button itself cannot perform any action on the server. Here's why...

提交按钮本身不能在服务器上执行任何操作。这是为什么…

Browser

The browser loads and submits data to an HTTP server without knowledge of what happened before - it is stateless. Web developers have bolted on a stateful mechanism using various types of cookies in order for the server side to be able to retain knowledge about the HTTP requests coming in.

浏览器加载并提交数据到HTTP服务器,而不知道以前发生了什么——它是无状态的。Web开发人员使用各种类型的cookie来实现有状态机制,以便服务器端能够保留关于传入的HTTP请求的知识。

PHP

Even though PHP allows you to mix server side PHP code beside HTML code in your source file it does not mean that the PHP code is executed when a submit button is pressed.

尽管PHP允许您在源文件中的HTML代码旁边混合服务器端PHP代码,但这并不意味着在按下submit按钮时执行PHP代码。

Submit buttons cause the browser to send a brand new request to the HTTP server with the data that the HTML document has specified - in the case of a form, it sends form data. The method of sending form data is determined by the method attribute on the form tag. The method attribute changes where the data is available in PHP ($_GET or $_POST) and also can alter the URL in the browser (if the method is GET)

提交按钮使浏览器使用HTML文档指定的数据向HTTP服务器发送一个全新的请求——在表单中,它发送表单数据。发送表单数据的方法由表单标记上的方法属性决定。方法属性更改了PHP中可用的数据($_GET或$_POST),还可以更改浏览器中的URL(如果方法是GET)

When this new request is processed on the server the entire PHP file is reloaded and re-executed without any knowledge of the previous page load. It is entirely possible for someone to write a bot that sends data directly to your program.

当在服务器上处理这个新请求时,整个PHP文件将被重新加载并重新执行,而不需要知道以前的页面加载情况。完全有可能有人编写一个直接向程序发送数据的机器人。

If you need to keep track of a logged in user (out of scope of this question) you would use sessions or cookies. Even still, the PHP file would have no knowledge if the page had been accessed prior to a form submission.

如果您需要跟踪登录的用户(超出这个问题的范围),您将使用会话或cookie。即使如此,如果在提交表单之前访问了页面,PHP文件也不会知道。

Conclusions

  • It's important to validate data on the server since PHP on the server does not execute any browser based validation even if it's in the same file.
  • 在服务器上验证数据很重要,因为服务器上的PHP不会执行任何基于浏览器的验证,即使它在同一个文件中。
  • It's important to use a secure method to prevent CSRF attacks
  • 使用安全的方法来防止CSRF攻击是很重要的
  • HTML and PHP code are allowed in the same file for convenience but this does not mean the PHP code is executed in a browser context.
  • 为了方便起见,HTML和PHP代码可以放在同一个文件中,但这并不意味着PHP代码是在浏览器上下文中执行的。

#2

0  

This is rather a broad question, but the structure could be like so:

这是一个相当宽泛的问题,但其结构可能是这样的:

<?php
// Init database here
if ($_POST)
{
    // Save to database here
    // Redirect to self if successful, and then exit
    // Put validation/errors in an array if not
    //   (i.e. let the page render in a POST op)
}
?>
<!DOCTYPE html>
<html>

<head>
    <style>
        .error {
            color: #FF0000;
        }
    </style>
</head>

<!-- remainder of your HTML here -->

I notice that you are missing your opening <form> tag too. You'll want something like this:

我注意到您还没有打开

标签。你会想要这样的东西: 

<form method="post">

You don't need an action if you are posting to the same page.

如果你在同一页上发帖,你不需要采取行动。

#1

1  

Stateless web applications are a different animal from desktop apps. Coming from a VBA background means you need to think about this differently.

无状态web应用程序与桌面应用程序不同。来自VBA的背景意味着你需要以不同的方式思考。

The submit button itself cannot perform any action on the server. Here's why...

提交按钮本身不能在服务器上执行任何操作。这是为什么…

Browser

The browser loads and submits data to an HTTP server without knowledge of what happened before - it is stateless. Web developers have bolted on a stateful mechanism using various types of cookies in order for the server side to be able to retain knowledge about the HTTP requests coming in.

浏览器加载并提交数据到HTTP服务器,而不知道以前发生了什么——它是无状态的。Web开发人员使用各种类型的cookie来实现有状态机制,以便服务器端能够保留关于传入的HTTP请求的知识。

PHP

Even though PHP allows you to mix server side PHP code beside HTML code in your source file it does not mean that the PHP code is executed when a submit button is pressed.

尽管PHP允许您在源文件中的HTML代码旁边混合服务器端PHP代码,但这并不意味着在按下submit按钮时执行PHP代码。

Submit buttons cause the browser to send a brand new request to the HTTP server with the data that the HTML document has specified - in the case of a form, it sends form data. The method of sending form data is determined by the method attribute on the form tag. The method attribute changes where the data is available in PHP ($_GET or $_POST) and also can alter the URL in the browser (if the method is GET)

提交按钮使浏览器使用HTML文档指定的数据向HTTP服务器发送一个全新的请求——在表单中,它发送表单数据。发送表单数据的方法由表单标记上的方法属性决定。方法属性更改了PHP中可用的数据($_GET或$_POST),还可以更改浏览器中的URL(如果方法是GET)

When this new request is processed on the server the entire PHP file is reloaded and re-executed without any knowledge of the previous page load. It is entirely possible for someone to write a bot that sends data directly to your program.

当在服务器上处理这个新请求时,整个PHP文件将被重新加载并重新执行,而不需要知道以前的页面加载情况。完全有可能有人编写一个直接向程序发送数据的机器人。

If you need to keep track of a logged in user (out of scope of this question) you would use sessions or cookies. Even still, the PHP file would have no knowledge if the page had been accessed prior to a form submission.

如果您需要跟踪登录的用户(超出这个问题的范围),您将使用会话或cookie。即使如此,如果在提交表单之前访问了页面,PHP文件也不会知道。

Conclusions

  • It's important to validate data on the server since PHP on the server does not execute any browser based validation even if it's in the same file.
  • 在服务器上验证数据很重要,因为服务器上的PHP不会执行任何基于浏览器的验证,即使它在同一个文件中。
  • It's important to use a secure method to prevent CSRF attacks
  • 使用安全的方法来防止CSRF攻击是很重要的
  • HTML and PHP code are allowed in the same file for convenience but this does not mean the PHP code is executed in a browser context.
  • 为了方便起见,HTML和PHP代码可以放在同一个文件中,但这并不意味着PHP代码是在浏览器上下文中执行的。

#2

0  

This is rather a broad question, but the structure could be like so:

这是一个相当宽泛的问题,但其结构可能是这样的:

<?php
// Init database here
if ($_POST)
{
    // Save to database here
    // Redirect to self if successful, and then exit
    // Put validation/errors in an array if not
    //   (i.e. let the page render in a POST op)
}
?>
<!DOCTYPE html>
<html>

<head>
    <style>
        .error {
            color: #FF0000;
        }
    </style>
</head>

<!-- remainder of your HTML here -->

I notice that you are missing your opening <form> tag too. You'll want something like this:

我注意到您还没有打开

标签。你会想要这样的东西: 

<form method="post">

You don't need an action if you are posting to the same page.

如果你在同一页上发帖,你不需要采取行动。

标签:

相关文章