开发者

How do submit form information to my MySQL server?

开发者 https://www.devze.com 2023-03-13 02:04 出处:网络
Edit 4: The main issue has been resolved - turned out the problem was a couple of my typos. (Post, <) Thank you! The data now gets entered into my database ok. I\'ll still consider the other tips y

Edit 4: The main issue has been resolved - turned out the problem was a couple of my typos. (Post, <) Thank you! The data now gets entered into my database ok. I'll still consider the other tips you are giving me. Very good first experience with stackoverflow.

Edit 1: OK, I forgot to capitalize $_POST. Now I am getting an error "Column count doesn't match value count at row 1"

Edit 2: I removed ID and added exit();. Now, I have the error message "Column 'Name' cannot be null". I am not sure how/where to add the escape string.

Edit 3: I am following Damien's instructions, and I have this as my output: "Connected to开发者_StackOverflow社区 MySQL string(8) "TestName" string(16) "Test Description" string(3) "567" string(6) "234567" string(13) "Test@test.com" string(8) "TestPass" Column 'Name' cannot be null" - so still the same error.

Original Question:

I am rather new to using MySQL and PHP. I am using MAMP for my server, and have set up a few PHP files, according to instructions I have been given. Right now, the main goal is to be able to set up a user database, and the form in question should create a new user, with username, password, etc.

When I have filled out the form and press submit, it gives the error message for an incomplete form, instead of sending the data like I want it too. (I am not really sure about how sending data to my database works, either.)

Here is the form (I think it's in HTML):

<form action="create.php" method="post">
 Name:  <input type="text" name="inputName" value="" /><br>
 Description: <input type="text" name="inputDesc" value=""/>
  <br/>
 Phone Number :  (<input type="text" name="inputPArea" value="" />)
- <input type="text" name ="inputPBody" value="" /><br>
 Email: <input type="text" name="inputEmail" value=""/><br>
 Password: <input type="password" name="inputPass" value=""/>

  <input type="submit" name="submit" />

Here is the if/else statement for the error message:

if(!$_Post['submit']){
    echo "please fill out the form";
    header('Location:demo.php');

    }

else {
     mysql_query( "INSERT INTO people (`ID`,`Name`,`Description`,`Area Code`,`Phone Body`,`Email`,`Password`)
               VALUES(NULL<'$name','$desc','$area','$pbody','$email','$pass') ") or die(mysql_error()) ;

echo "User has been added!";
header('Location: demo.php');

     }

Please help! Thank you. It would be nice if you could help me understand how submitting stuff to my database works.

(There is a lot of other PHP stuff, of course. Tell me if you need any of it.)


$name = mysql_real_escape_string($_POST['inputName']);
$desc = mysql_real_escape_string($_POST['inputDesc']);
$area = mysql_real_escape_string($_POST['inputPArea']);
$pbody= mysql_real_escape_string($_POST['inputPBody']);
$email = mysql_real_escape_string($_POST['inputEmail']);
$pass = mysql_real_escape_string($_POST['inputPass']);

You access them through the superglobal $_POST array (since you used 'post' as the form method), properly sanitized (you should use PDO and prepared statements though, they'll make your code even safer). ID, if it is set as Auto Increment, is not needed in your query.

mysql_query( "INSERT INTO people (`Name`,`Description`,`Area Code`,`Phone Body`,`Email`,`Password`) VALUES('$name','$desc','$area','$pbody','$email','$pass') ") or die (mysql_error());

Suggestions: Also, consider adding exit(); after your header redirection, to avoid accidental display of the code.
You should also check if $_POSTs are set if(isset($_POST['postname'])) if you don't want (or can't accept) empty values (even if you're doing a client-side validation for that. Always rely on server-side validation, as client-side can be easily avoided)

Warning on mysql_real_escape_string:

A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.


In your else statement, add:

$name = $_POST['inputName'];
$desc = $_POST['inputDesc'];
$pbody = $_POST['inputPBody'];
$email = $_POST['inputEmail'];
$pass = $_POST['inputPass'];

Consider SQL Injection.

0

精彩评论

暂无评论...
验证码 换一张
取 消