表单提交给PHP
I am trying to submit data from an HTML form to PHP to be saved into mysql database. I had previously done this and for some reason it cannot work, I must be missing something.
This is Register page
<form action="reg.php" method="POST">
<table >
<tr>
<td>Email :</td>
<td><input name="Email" type="text" /></td>
</tr>
<tr>
<td>Password :</td>
<td><input name="Password" type="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit"> </td>
</tr>
</table>
</form>
This is the reg.php
<?php
include_once("db.php");
$SQL = "INSERT INTO users (Email, Password ) VALUES ('".$_GET["Email"]."','". $_GET['Password'] ."' )";
mysql_query($SQL);
error_reporting(E_ALL);
?>
And this is the db.php
<?php
$MyUsername = "root";
$MyPassword = "";
$MyHostname = "localhost";
$dbh = mysql_pconnect($MyHostname , $MyUsername, $MyPassword);
$selected = mysql_select_db("dbName",$dbh);
?>
If I run
localhost/reg.php?Email=email@gmail.com&Password=123456
It does work and those values are shown in the database, I must be missing something in the register page.
It could be a stupid mistake as Im new to PHP.
Thanks in advance
我正在尝试将数据从HTML表单提交到PHP以保存到mysql数据库中。 我以前做过这个,但由于某种原因它无法正常工作,我必须遗漏一些东西。 p>
这是注册页面 p>
&lt; form action =“reg.php”method =“POST”&gt;
&lt; table&gt;
&lt; tr&gt;
&lt; td&gt;电子邮件:&lt; / td&gt;
&lt; td&gt;&lt;输入 name =“Email”type =“text”/&gt;&lt; / td&gt;
&lt; / tr&gt;
&lt; tr&gt;
&lt; td&gt;密码:&lt; / td&gt;
&lt; td&gt; &lt; input name =“Password”type =“password”/&gt;&lt; / td&gt;
&lt; / tr&gt;
&lt; tr&gt;
&lt; td&gt; &lt; / td&gt;
&lt; td&gt;&lt; input type =“submit”name =“submit”value =“Submit”&gt; &lt; / td&gt;
&lt; / tr&gt;
&lt; / table&gt;
&lt; / form&gt;
code> pre>
这是 reg.php p>
&lt;?php
include_once(“db.php”);
$ SQL =“INSERT INTO users(Email,Password)VALUES ('“。$ _ GET [”Email“]。”','“。$ _GET ['密码']。”')“;
mysql_query($ SQL);
error_reporting(E_ALL);
?&gt;
code> pre>
这是db.php p>
&lt;?php
$ MyUsername =“root”;
$ MyPassword =“”;
$ MyHostname =“localhost”;
$ dbh = mysql_pconnect($ MyHostname,$ MyUsername,$ MyPassword);
$ selected = mysql_select_db(“dbName”,$ dbh);
?&gt;
code> pre> \ n
如果我运行 p>
localhost / reg.php?Email=email@gmail.com&密码= 123456 p>
blockquote>
它确实有效,并且这些值显示在数据库中,我必须在寄存器页面中遗漏一些东西。 p>
这可能是一个愚蠢的错误,因为Im PHP新手。 p>
提前致谢 p>
div>
You need to be using $_POST instead of $_GET
.$_GET["Email"]."','". $_GET['Password'] ."' )";
should be
.$_POST["Email"]."','". $_POST['Password'] ."' )";
When you type the URL in, that is a GET request which is why it works. You should really POST a form, because a GET will transmit the variables in the query string, and be visible. A password field is still plain text when it's transmitted.
Also, as has been mentioned, you're using deprecated methods for talking to the database and you're leaving yourself prone to SQL injection. Take a look at PDO http://php.net/manual/en/book.pdo.php
Use mysqli with prepared statements, or PDO with prepared statements
Also consider using CRYPT_BLOWFISH or PHP 5.5's password_hash() function for password storage.
For PHP < 5.5 use the password_hash() compatibility pack.
Storing what seems to be done in plain text, is not safe.
You're making a mistake with the form method, change
<form action="reg.php" method="POST">
to
<form action="reg.php" method="GET">
If you want to continue using the POST method use
$SQL = "INSERT INTO users (Email, Password ) VALUES ('".$_POST["Email"]."','". $_POST['Password'] ."' )";
debug you code and check the error you will get data in $_POST in reg.php . print_r($_POST) on your reg.php file you will get the data