MySQL - PHP表单将值插入表中?
I would like to add comments to a database using a simple form. For whatever reason, I can't seem to get the table to update when I use said form. I'm not getting any errors, it's just that nothing happens when I refresh the table afterwards. In other words, even after submitting the form, the table still has 0 entries. Here is my code:
<?php
session_start();
$connection = mysql_connect("server", "username", "password");
if ($connection->connect_error) {
die('Connect Error: ' . $connection->connect_error);
}
// Selecting Database
mysql_select_db("database", $connection) or die(mysql_error());
$name = $_POST['name'];
$title = $_POST['title'];
$comments = $_POST['comments'];
$sql = "INSERT INTO comments (Name, Title, Comments)
VALUES ('$name', '$title', '$comments')";
mysql_close($connection); // Closing Connection
?>
Thank you for your help!
我想使用简单的表单向数据库添加注释。 无论出于何种原因,当我使用所述表格时,我似乎无法更新表格。 我没有收到任何错误,只是当我之后刷新表时没有任何反应。 换句话说,即使在提交表单后,该表仍然有0个条目。 这是我的代码: p>
&lt;?php
session_start();
$ connection = mysql_connect(“server”,“username”,“password”);
if ($ connection-&gt; connect_error){
die('Connect Error:'。$ connection-&gt; connect_error);
}
//选择Database
mysql_select_db(“database”,$ connection)或die(mysql_error) ());
$ name = $ _POST ['name'];
$ title = $ _POST ['title'];
$ comments = $ _POST ['comments'];
$ sql =“INSERT INTO comments(Name,Title,Comments)
VALUES('$ name','$ title','$ comments')”;
mysql_close($ connection); //关闭连接
?&gt;
code> pre>
感谢您的帮助! p>
div>
You don't ever actually execute your query:
$sql = "INSERT INTO comments (Name, Title, Comments)
VALUES ('$name', '$title', '$comments')";
$result = mysql_query($sql);
Other things:
if ($connection->connect_error) {is not valid. You can't use the old mysql API in an OOP fashion. You need to usemysqlifor that.Please, don't use
mysql_*functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.You are also wide open to SQL injections
You do no error checking. How do you expect to know if there are problems if you don't look for them?
(note: please change server, username, and password for your server information)
<?php
session_start();
$connection = mysql_connect("server","username","password");
if (!$connection) {
die('Connect Error: ' . mysql_error());
}
// Selecting Database
mysql_select_db("database",$connection) or die(mysql_error());
$name = $_POST['name'];
$title = $_POST['title'];
$comments = $_POST['comments'];
$sql = "INSERT INTO comments (Name,Title,Comments)
VALUES ('$name', '$title', '$comments')";
mysql_query($sql);
mysql_close($connection); // Closing Connection
?>
For security (defense against SQL injection) you can using mysql_real_escape_string function for limit input fields. For example:
$name = mysql_real_escape_string($_POST['name']);
$title = mysql_real_escape_string($_POST['title']);
$comments = mysql_real_escape_string($_POST['comments']);