尝试将表单值发送到数据库

jei2mxaa  于 2021-06-20  发布在  Mysql
关注(0)|答案(1)|浏览(386)

我在将我的表单值发送到mysql数据库时遇到问题。我阅读了所有其他主题,我做了他们写的,但没有得到我想要的。请帮助我:(

<?php
      $dbhost = "localhost";
      $dbuser = "root";
      $dbpass = "13838383";
      $dbname = "users";
      $connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
    ?>
    <?php
    include("../includes/functions.php");
    ?>
    <!DOCTYPE html>
    <html>
      <head>
        <link rel="stylesheet" href="../public/stylesheets/style.css" type="text/css">
        <title>Our WebPage</title>
      </head>
      <body>
        <center>
        <form action="input.php" method="post">
          <fieldset>
            <legend>Register</legend>
            <span>UserName: </span><br />
            <input type="text" name="username" placeholder="USERNAME"><br /><br />
            <span>PassWord: </span><br />
            <input type="text" name="lastname" placeholder="PASSWORD"><br /><br />
            <input type="button" name="submit" value="submit"><br /><br />
            <fieldset>
        </form>
        </center>
        <?php
        ?>
        <?php
          if (isset($_POST['submit'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $addUserQuery = "INSERT INTO users (username, password) VALUES ({$username}, {$password});";
            $added = mysqli_query($connection, $addUserQuery);
            if ($added) {
              echo '<br>Input data is successful';
            } else {
              echo '<br>Input data is not valid';
            }
          }
        ?>
      </body>
    </html>

我的问题是我不知道我应该在表单标签中输入什么属性。谢谢,请帮助

mysqlphpDatabasemysqliforms

1条答案

按热度按时间
ekqde3dh

ekqde3dh1#

简单地说,你的变量没有被引用,所以你的查询被转换成这个(如果有人提交了 1337user 作为用户名,以及 P@ssw0rd 作为密码):

INSERT INTO users (username, password) VALUES (1337user, P@ssw0rd);

什么时候应该是:

INSERT INTO users (username, password) VALUES ('1337user', 'P@ssw0rd');

绑定变量instead:how can 我阻止php中的sql注入?

if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $addUserQuery = mysqli_prepare($connection, "INSERT INTO users (username, password) VALUES (?, ?)");
    mysqli_stmt_bind_param($addUserQuery, "ss", $username, $password);
    $added = mysqli_stmt_execute($addUserQuery);
    if ($added) {
      echo '<br>Input data is successful';
    } else {
      echo '<br>Input data is not valid';
    }
}
赞(0)分享  回复(0)举报  2021-06-20
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com