php - 将表单数据提交到数据库表

  显示原文与译文双语对照的内容

将数据插入数据库表中时出现问题。 我已经检查了表格字段到表单字段的所有内容。 一切正常,甚至print_r打印结果,但数据没有插入数据库。 返回空结果集。 我的表单代码


<?php include('header.php');?>

<div class="page container">
 <div class="row col-12 register-page">


 <form class="form-horizontal" role="form" action="register-process.php" method="post">
 <div class="form-group">
 <label for="firstname" class="col-sm-2 control-label">First Name</label>
 <div class="col-sm-10">
 <input type="text" class="form-control" id="firstname" name="firstname" 
 placeholder="Enter First Name">
 </div>
 </div>
 <div class="form-group">
 <label for="lastname" class="col-sm-2 control-label">Last Name</label>
 <div class="col-sm-10">
 <input type="text" class="form-control" id="lastname" name="lastname" 
 placeholder="Enter Last Name">
 </div>
 </div>
 <div class="form-group">
 <label for="email" class="col-sm-2 control-label">Email</label>
 <div class="col-sm-10">
 <input type="text" class="form-control" id="email" name="email" 
 placeholder="Enter Your Email">
 </div>
 </div>
 <div class="form-group">
 <label for="password" class="col-sm-2 control-label">Password</label>
 <div class="col-sm-10">
 <input type="password" class="form-control" id="password" name="password" 
 placeholder="Enter your password">
 </div>
 </div>
 <div class="form-group">
 <label for="confirm-password" class="col-sm-2 control-label">Confirm Password</label>
 <div class="col-sm-10">
 <input type="password" class="form-control" id="cpassword" name="cpassword" 
 placeholder="Confirm password">
 </div>
 </div>
 <div class="form-group">
 <label for="birth-year" class="col-sm-2 control-label">Birth Year</label>
 <div class="col-sm-10">
 <select id="year" class="birth-year" name="birth-year">
 <?php 
 for($i = 1970; $i <date("Y")+1; $i++){
 echo '<option value="'.$i.'">'.$i.'</option>';
 }

?>
 </select>
 </div>
 </div>
 <div class="form-group">
 <label for="gender" class="col-sm-2 control-label register-gender">Gender</label>
 <div class="col-sm-10">
 <select id="registration_gender" class="select-register" required="required" name="gender">
 <option selected="selected" value="">Gender</option>
 <option value="_UE_M">Male</option>
 <option value="_UE_MRS">Female</option>
 </select>
 </div>
 </div>
 <div class="form-group form-action">

 <div class="form-action">
 <input type="submit" name="submit" class="btn btn-large btn-primary" value="Lets Get Started"> 
 </div>
 </div>
 </form>

 </div>
</div>

我的注册进程代码


<div class="page container">
 <div class="row col-12 register-page">

 <?php

 $fname = $_POST['firstname'];
 $lname = $_POST['lastname'];
 $email = $_POST['email'];
 $password = md5($_POST['password']);
 $cpassword = md5($_POST['cpassword']);
 $birthyear = $_POST['birth-year'];
 $gender = $_POST['gender'];

 if($fname && $lname && $email && $password && $cpassword){

 if($password == $cpassword){

 include("config.php");

 $insert = 'INSERT INTO users(firstname,lastname,email,password,birth-year,gender) 
 VALUES("'.$fname.'","'.$lname.'","'.$email.'","'.$password.'","'.$birthyear.'","'.$gender.'")';


 mysql_query($insert);
 echo"registered successfully";
 }
 else{

 header("Location: register.php");
 echo"your password do not match.";
 }
 }
 else{
 echo"complete the form please.";
 header("Location: register.php");
 }
?>
 </div>
</div>

时间: 作者:

线条


if($fname && $lname && $email && $password && $cpassword){

正在检查这些值是否为 true,它们不是。 这个PHP代码将导致SQL注入,因为你没有验证表单中输入的值。 查看转义SQL并删除HTML实体。

使用 $_POST 变量上的function isset(),这样你就可以验证正确填写的表单。 一旦你满意,表单被正确填充,SQL将html实体转移到本地变量中,然后使用它们插入 SQL 。

...