试图为朋友公司设置保修登记页面,我不擅长Mysql或PHP(阅读:Noob)。我已经在网上搜索了答案,并尝试了以下代码的几个变体,但没有成功。
我有表设置与匹配的列名称。我相信表单提交也正确设置。
只是不确定是什么阻止它实际将数据发布到数据库。任何帮助将不胜感激。
这是我的邮政编码。
<?php
error_reporting(-1);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zipcode = $_POST['zipcode'];
$country = $_POST['country'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$ordernumber = $_POST['ordernumber'];
$receivedate = $_POST['receivedate'];
$placeofpurchase = $_POST['placeofpurchase'];
$newsletter = $_POST['newsletter'];
?>
<?php
$con = mysqli_connect("localhost","DB_Username","PASSWORD","DB_NAME");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql = ("INSERT INTO warrantyregistration (firstname, lastname, address, city, state, zipcode, country, phone, email, ordernumber, receivedate, placeofpurchase, newsletter)
VALUES
($firstname, $lastname, $address, $city, $state, $zipcode, $country, $phone, $email, $ordernumber, $receivedate, $placeofpurchase, $newsletter)");
if (mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Success!";
mysqli_close($con)
?>
改变这一行:
if (mysqli_query($con,$sql))
至:
if (!mysqli_query($con,$sql))
你应该看到一条错误信息。
您应该使用预先准备好的查询并使用准备好的语句。这将保护您免受SQL注入并修复您的问题。您需要做的简略版本是:
$stmt = mysqli_prepare($con, "INSERT INTO warrantyregistration
(firstname, lastname, address) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, "sss", $firstname, $lastname, $address);
mysqli_stmt_execite($stmt);
我得到了同样的错误。如果没有参数化,您可以在sql语句中修复该错误:
...
$sql = "INSERT INTO warrantyregistration VALUES ($firstname, $lastname, $address, $city, $state, $zipcode, $country, $phone, $email, $ordernumber, $receivedate, $placeofpurchase, $newsletter)";
...