开发者

Inserting a record into a a Dbase using a html form (MYSQL/PHP)

开发者 https://www.devze.com 2023-03-05 20:46 出处:网络
As the title says i\'m trying to insert a record into a mysql database via a html form. Here is the html form portion of the file: Addstudent.html

As the title says i'm trying to insert a record into a mysql database via a html form.

Here is the html form portion of the file: Addstudent.html

/div>
<div id="main">
    <h2>Add another student?</h2>
    <p>Please fill out the requested fields.</p>
   <form action="Insertstudent.php" method="post">
  StudentId:     <input type="text" name="studentid"><br>
  Password:      <input type="text" name="password"><br>
  Dob:           <input type="text" name="dob"><br>
  Firstname:     <input type="text" name="firstname"><br>
  Surname:       <input type="text" name="surname"><br>
  Address:       <input type="text" name="address"><br>
  Town:          <input type="text" name="town"><br>
  County:        <input type="text" name="county"><br>
  Country:       <input type="text" name="country"><br>
  Postcode:      <input type="text" name="postcode"><br>
  <input type="Submit">

Here is part of the file Insertstudent.php

<?php
// Insert record using this script

session_start();
include("dbconnect.inc");


// If the form has been submitted
if ($_POST[submit]){
// Build an sql statment to insert a new student to the database
$sql="INSERT INTO student values '" . $_SESSION[id] ."' . '$_POST[studentid]'.'$_POST[password]' . '$_POST[dob]' . '$_POST[firstname]' . '$_POST[lastname]' . '$_POST[house]' . '$_POST[county]' . '$_POST[country]' . '$_POST[postcode]')";
$result = mysql_query($sql,$conn);
 ?>

The main trouble I'm having is with the Insert script - I'm obviously doing something wrong with that because my database doesn't update.

Thank you in advance to anyone w开发者_开发百科ho replies to this - much appreciated.


Separate the values to insert by commas, not periods. E.g.:

INSERT INTO table_name
VALUES (value1, value2, value3,...)


try the following syntax for inserting records into your database.

INSERT INTO table_name(col1,col2,col3) VALUES(val1,val2,val3);

when you make a post request from a mysql page you should be doing something like this.

INSERT INTO student(studentid,password,dob,firstname,surname,address,town,country,postcode) VALUES($_POST['studentid'],$_POST['password'],$_POST['dob'],$_POST['firstname'],$_POST['surname'],$_POST['address'],$_POST['town'],$_POST['country'],$_POST['postcode']);

but be aware this way you are allowing the users to input malicious code, if you do it like this they could easily do some mischief with your database like, deleting or altering the records. to overcome this you can use a built in PHP function called mysql_real_escape_string()


Syntax is:

INSERT INTO table (field1, field2) VALUES (value1, value2)

NOTICE: separate values with commas (,) not periods (.)

0

精彩评论

暂无评论...
验证码 换一张
取 消