第一个sql数据库不工作

hxzsmxv2  于 2021-06-20  发布在  Mysql
关注(0)|答案(3)|浏览(333)

我正在从事我的一个个人项目,我接受了一个名字和电子邮件,所以我创建了一个数据库,名为:
包含“name”和“email”列的emailtemp
phpmyadmin页
html表单:

<form method="post" action="connect.php" class="contact100-form validate-form">
    <div class="wrap-input100 m-b-10 validate-input" data-validate = "Name is required">
            <input class="s2-txt1 placeholder0 input100" type="text" name="username" placeholder="Your Name">
            <span class="focus-input100"></span>
    </div>

    <div class="wrap-input100 m-b-20 validate-input" data-validate = "Email is required: ex@abc.xyz">
        <input class="s2-txt1 placeholder0 input100" type="text" name="emailAddress" placeholder="Email Address">
        <span class="focus-input100"></span>
    </div>

    <div class="w-full">
        <button class="flex-c-m s2-txt2 size4 bg1 bor1 hov1 trans-04">
            Subscribe
        </button>
    </div>
</form>

php文件:

<?php
$connect = mysqli_connect("mysql.*****.net","*****","****>","emailtemp");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO posts (customerName, customerEmail)
VALUES ('$_POST[username]', '$_POST[emailAddress]')";

?>

根据我阅读和查看的所有内容,它应该可以工作,但在我单击“subscribe”后,它调出connect.php并说“当前无法处理此请求”。http错误500“
有没有办法把这个过程放在后台,保持一致,只说成功?

but5z9lq

but5z9lq1#

看来你少了一个 ) 在你生命的尽头 mysqli_query() 打电话。
如果你的数据库真的是这样的:
包含“name”和“email”列的emailtemp
.. 然后您应该匹配查询中的:

mysqli_query($connect,"INSERT INTO emailtemp (name, email)
VALUES ('$_POST[username]', '$_POST[emailAddress]')");

建议首先检查用户/电子邮件,如果它们是空的,则会引发异常。
这样地:

$username = $_POST[username];
$email = $_POST[emailAddress];
if ($username && $email) {
  // stuff here
} else {
  // other stuff here
}
ve7v8dk2

ve7v8dk22#

你忘了关闭mysqli\u查询函数,忘记了用户名和emailaddress的括号

mysqli_query($connect,"INSERT INTO posts (customerName, customerEmail)
VALUES ('$_POST[username]', '$_POST[emailAddress]')");

此外,此代码还使您容易受到sql注入的攻击
用户可以向sql server注入其他命令,并使用管理员权限执行这些命令。
您可以使用pdo,这是php中sql的安全实现(当然,如果使用正确的话)
在你的例子中是:

$dbhost = "your-host";
    $dbname = "your-db-name";
    $dbusername = "your-username";
    $dbpassword = "your-password";

    $conn = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbusername, $dbpassword);

    $statement = $conn->prepare("INSERT INTO posts (customerName, customerEmail)
VALUES (:username, :emailAddress");
    $statement->execute(array(
        "username" => $_POST['username'],
        "emailAdress" => $_POST['emailAdress']
    ));
weylhg0b

weylhg0b3#

http://php.net/manual/en/mysqli.prepare.php

$connect = mysqli_connect("mysql.*****.net","*****","****>","emailtemp");

if ($stmt = $mysqli_prepare($connect,"INSERT INTO posts (customerName, customerEmail) VALUES (?, ?)")) {
    mysqli_stmt_bind_param($stmt, "ss", $_POST['username'],$_POST['emailAddress']);
    mysqli_stmt_execute($stmt);
}

相关问题