如何将两个值从html导入我的sql表

ogsagwnx  于 2021-06-20  发布在  Mysql
关注(0)|答案(2)|浏览(191)

我需要将emailaddress和fullname的值从html导入我的sql表。
这是我的html:

<!DOCTYPE html>

    <head>
        <title>Julian's Newsletter</title>
        <meta http-equiv="content-type" content="text/html; charset=utf-8" />

        <link href="newsletter.css" rel="stylesheet" type="text/css">
            <link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
        <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet">
        </head>
    <body>

        <h1>Newsletter</h1>
    <form action="formsubmit.php" method="post">
  <div class="container">
    <h2>Subscribe to my Newsletter</h2>
    <p>Subscribe to my newsletter to recieve recent news, a specialy curated product list, and the Product of the Month.</p>
  </div>

  <div class="container" style="background-color:white">
    <input type="text" placeholder="Name" name="fullname" required>
    <input type="text" placeholder="Email address" name="emailaddress" required>
    <label>
      <input type="checkbox" checked="checked" name="subscribe"> Monthly Newsletter
    </label>
  </div>

  <div class="container">
    <input type="submit" value="Subscribe">
  </div>
</form>
    </body>

这是目前为止我的php。我是一个初学者,我对php的知识很少。

<?php
$servername = "localhost";
$emailaddress = "emailaddress";
$fullname = "fullname";
$dbname = "email_windowsisslow_com";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $fullname, $emailaddress);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "INSERT INTO emaillist (emailaddress, fullname)
    VALUES ('', '')";
    // use exec() because no results are returned
    $conn->exec($sql);
    echo "New record created successfully";
    }
catch(PDOException $e)
    {
    echo $sql . "<br>" . $e->getMessage();
    }

$conn = null;
?>

我是新来的堆栈溢出,我不认为有人会真正为我写的代码。我需要帮助理解写了什么,以及如何编写代码来执行我需要的操作。

hec6srdp

hec6srdp1#

I would suggest you must use prepared statements to avoid SQL injection. 

 $stmt = $conn->prepare("INSERT INTO emaillist (emailaddress, fullname)
        VALUES (:emailaddress , :fullname)");
    $stmt->bindParam(':emailaddress ', $emailaddress );
    $stmt->bindParam(':fullname ', $fullname );
    $stmt->execute();
00jrzges

00jrzges2#

在php文件中更改两行:

$emailaddress = "emailaddress";
$fullname = "fullname";

$emailaddress = $_POST["emailaddress"];
$fullname = $_POST["fullname"];

并添加到insert语句中

$sql = "INSERT INTO emaillist (emailaddress, fullname) VALUES ({$emailaddress}, {$fullname})";

相关问题