HI all i've a basic Web Form for putting data into a mysql database, I created code to report if i was connected to my Database correctly and it was so on completion of the form i tested it and it seems to do what i expected but when i goto my database no data was actually entered? I've tried this locally and on a server with both doing the same thing. Here is my two .php forms for you to look that i used on my local machine to test in MAMP just incase i have done something wrong:
你好我一个基本的Web表单将数据到一个mysql数据库,我创建的代码正确地报告如果我是连接到数据库,所以在完成表单我测试它,它似乎做我预期但当我转到我的数据库没有数据实际上是进入吗?我已经在本地和服务器上尝试过了,两者都做同样的事情。这是我的两个。php表单,我在本地机器上测试MAMP,以防我做错了什么:
virtualWalkLog.php
virtualWalkLog.php
<form action="hazardsform.php" method="POST" />
<p>ROUTE: <input type="text" name="ROUTE" /></p>
<p>ADDRESS: <input type="text" name="ADDRESS" /></p>
<p>LATITUDE: <input type="text" name="LATITUDE" /></p>
<p>LONGITUDE: <input type="text" name="LONGITUDE" /></p>
<p>HAZARD: <input type="text" name="HAZARD" /></p>
<p>RISK: <input type="text" name="RISK" /></p>
<input type="submit" value="Submit" />
</form>
hazardsform.php
hazardsform.php
<?php
define('DB_NAME', 'virtualWalkLog');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2',
'$value3', '$value4', '$value5', '$value6')";
mysql_close();
Many Thanks in advance
提前感谢
6 个解决方案
#1
6
Going through your script quickly you need to call mysql_query($sql) after
快速遍历脚本之后,需要调用mysql_query($sql)
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2', '$value3', '$value4', '$value5', '$value6')";
$sql =“插入元危险(路由、地址、纬度、经度、危害、风险)值(‘$value’、‘$value2’、‘$value3’、‘$value4’、‘$value5’、‘$value6’)”;
mysql_sql query will actually execute the query.
mysql_sql查询将实际执行查询。
Also as $value should be unique
同样,$value应该是唯一的
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
-----
SUGGESTION Since you have just begin ..I will suggest you try mysql_* for just concepts but use mysqli_* or PDO .. You shold also know about sql injection
你刚开始提出建议。我建议您尝试使用mysql_*,但使用mysqli_*或PDO。您还应该了解sql注入
Here are some tutorials to help you
这里有一些教程可以帮助您
http://php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/book.pdo.php
http://php.net/manual/en/book.pdo.php
http://php.net/manual/en/book.mysqli.php
http://php.net/manual/en/book.mysqli.php
#2
6
you are not exectuing your query, this is why no data is inserted. Try to place after
您没有执行查询,这就是为什么没有插入数据。试着在
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2', '$value3', '$value4', '$value5', '$value6')";
this
这
$result = mysql_query($sql);
also all values are in one variable $value, so you will end up with all the same result in your table so change to this to fit your query
而且所有的值都在一个变量$value中,所以您的表将得到所有相同的结果,因此更改为适合您的查询
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
I would also sugeest you to stop using mysql_ api since they are depecrated, please switch to PDO or mysqli
我还想让您停止使用mysql_ api,因为它们是depecare,请切换到PDO或mysqli。
Furthermore you are ready to mysql injection. there is a nice tutorial here which explain you everything about that -> How can I prevent SQL injection in PHP?
此外,您已经准备好进行mysql注入。这里有一个很好的教程,可以向您解释关于这个的一切——>如何防止PHP中的SQL注入?
#3
3
you are assigning values to only one variable $value here
这里只为一个变量赋值$value
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
should be
应该是
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
Also call mysql_query($sql); for running the query.
也叫mysql_query($ sql);运行查询。
#4
2
just rename:
重命名:
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
#5
2
You are capturing all the input fields value into one variable. You need to execute mysql_query for it to work. Change this :-
将所有输入字段值捕获到一个变量中。您需要执行mysql_query以使其工作。改变这个:
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
to:-
:- - -
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
Once you have done that, you need to call mysql_query($sql) to execute the query.
完成之后,需要调用mysql_query($sql)来执行查询。
#6
1
You kep all the variables as the same name
你把所有的变量都记为同一个名字
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
change them to unique id's (as you referenced in the sql statement)
将它们更改为唯一id(如您在sql语句中引用的那样)
$value1 = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
and change your query statement to actually execute
并更改查询语句以实际执行。
$result = mysql_query("INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2',
'$value3', '$value4', '$value5', '$value6')");
#1
6
Going through your script quickly you need to call mysql_query($sql) after
快速遍历脚本之后,需要调用mysql_query($sql)
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2', '$value3', '$value4', '$value5', '$value6')";
$sql =“插入元危险(路由、地址、纬度、经度、危害、风险)值(‘$value’、‘$value2’、‘$value3’、‘$value4’、‘$value5’、‘$value6’)”;
mysql_sql query will actually execute the query.
mysql_sql查询将实际执行查询。
Also as $value should be unique
同样,$value应该是唯一的
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
-----
SUGGESTION Since you have just begin ..I will suggest you try mysql_* for just concepts but use mysqli_* or PDO .. You shold also know about sql injection
你刚开始提出建议。我建议您尝试使用mysql_*,但使用mysqli_*或PDO。您还应该了解sql注入
Here are some tutorials to help you
这里有一些教程可以帮助您
http://php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/book.pdo.php
http://php.net/manual/en/book.pdo.php
http://php.net/manual/en/book.mysqli.php
http://php.net/manual/en/book.mysqli.php
#2
6
you are not exectuing your query, this is why no data is inserted. Try to place after
您没有执行查询,这就是为什么没有插入数据。试着在
$sql = "INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2', '$value3', '$value4', '$value5', '$value6')";
this
这
$result = mysql_query($sql);
also all values are in one variable $value, so you will end up with all the same result in your table so change to this to fit your query
而且所有的值都在一个变量$value中,所以您的表将得到所有相同的结果,因此更改为适合您的查询
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
I would also sugeest you to stop using mysql_ api since they are depecrated, please switch to PDO or mysqli
我还想让您停止使用mysql_ api,因为它们是depecare,请切换到PDO或mysqli。
Furthermore you are ready to mysql injection. there is a nice tutorial here which explain you everything about that -> How can I prevent SQL injection in PHP?
此外,您已经准备好进行mysql注入。这里有一个很好的教程,可以向您解释关于这个的一切——>如何防止PHP中的SQL注入?
#3
3
you are assigning values to only one variable $value here
这里只为一个变量赋值$value
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
should be
应该是
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
Also call mysql_query($sql); for running the query.
也叫mysql_query($ sql);运行查询。
#4
2
just rename:
重命名:
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
#5
2
You are capturing all the input fields value into one variable. You need to execute mysql_query for it to work. Change this :-
将所有输入字段值捕获到一个变量中。您需要执行mysql_query以使其工作。改变这个:
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
to:-
:- - -
$value = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
Once you have done that, you need to call mysql_query($sql) to execute the query.
完成之后,需要调用mysql_query($sql)来执行查询。
#6
1
You kep all the variables as the same name
你把所有的变量都记为同一个名字
$value = $_POST['ROUTE'];
$value = $_POST['ADDRESS'];
$value = $_POST['LATITUDE'];
$value = $_POST['LONGITUTE'];
$value = $_POST['HAZARD'];
$value = $_POST['RISK'];
change them to unique id's (as you referenced in the sql statement)
将它们更改为唯一id(如您在sql语句中引用的那样)
$value1 = $_POST['ROUTE'];
$value2 = $_POST['ADDRESS'];
$value3 = $_POST['LATITUDE'];
$value4 = $_POST['LONGITUTE'];
$value5 = $_POST['HAZARD'];
$value6 = $_POST['RISK'];
and change your query statement to actually execute
并更改查询语句以实际执行。
$result = mysql_query("INSERT INTO rmbhazards (ROUTE, ADDRESS, LATITUDE, LONGITUDE, HAZARD, RISK) VALUES ('$value', '$value2',
'$value3', '$value4', '$value5', '$value6')");