使用 PHP 将行添加到 MySQL 数据库，但没有来自 html 表单的其他数据

Question

表单中的数据未保存到数据库中，但正在添加一行，我在 Go Daddy 托管。它在我的本地完美运行，但现在 live 似乎无法运行。请在下面找到我正在使用的代码：

<?php
if($_SERVER["REQUEST_METHOD"]=="POST")
{

    $fName = mysql_real_escape_string($_POST['fName']);
    $surname = mysql_real_escape_string($_POST['surname']);
    $postcode = mysql_real_escape_string($_POST['postcode']);
    $tel = mysql_real_escape_string($_POST['tel']);
    $mobile = mysql_real_escape_string($_POST['mobile']);
    $email = mysql_real_escape_string($_POST['email']);
    $bool = true;
    $con = mysql_connect("localhost","username","password");

    if (!$con)  
    {
       die('Could not connect: ' . mysql_error());
    }   

    mysql_select_db("db name", $con);      

    $sql="INSERT INTO customer (custNo, fName, surname, postcode, tel, mobile, email, timestamp)
    VALUES (NULL, '$fName','$surname','$postcode', '$tel', '$mobile',  '$email', 'CURRENT_TIMESTAMP')";

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    } else{
        echo "Successfully Registered ";
    }
}
mysql_close($con)
?>

这里是 html 表格

<form action="insert.php" method = "post">
    <fieldset>
        <legend>Register</legend>
        <div class="col-md-4">
            <label for='fName'>Enter name:</label>
            <input type= "text" name = "fName" required="required" maxlength="50"/>   <br/>
        </div>
        <div class="col-md-4">
            <label for='surname'>Enter surname:</label>
            <input type= "text" name="surname" maxlength="50" required="required"/> <br/>
        </div>
        <div class="col-md-4">
            <label for='postcode'>Enter postcode:</label>
            <input type= "text" name="postcode" maxlength="7"/> <br/>
        </div>
        <div class="col-md-4">
            <label for='tel'>Enter home no:</label>
            <input type= "text" name="tel" maxlength="50" />  <br/>
        </div>
        <div class="col-md-4">
            <label for='mobile'>Enter mobile no:</label>
            <input type= "text" name="mobile" maxlength="50"/> <br/>
        </div>
        <div class="col-md-4">
            <label for='email'>Enter email * </label>
            <input type= "text" name="email" required="required"/> <br/></br>
        </div>
        <input type="submit" value="Register"/>
    </fieldset>
</form>

Answer 1

可能是变数造成的

尝试将 $sql 行更改为此

$sql = "INSERT INTO customer (custNo, fName, surname, postcode, tel, mobile, email, timestamp)  VALUES (NULL, '" . $fName . "', '" . $surname . "', '" . $postcode . "', '" . $tel . "', '". $mobile . "', '" . $email . "', 'CURRENT_TIMESTAMP')";

Answer 2

第一个：

警告

此扩展已从 PHP 5.5.0 开始弃用，并将在未来删除。相反，应该使用 MySQLi 或 PDO_MySQL 扩展名。

如果您没有检查 $_POST['password']，它可能是用户想要的任何内容！例如：

$_POST['username'] = 'aidan';
$_POST['password'] = "' OR ''='";

// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'";
mysql_query($query);

这意味着发送到 MySQL 的查询将是：

SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''

这将允许任何人在没有有效密码的情况下登录。

针对您的问题！

由于这个事实，你所有的变量都是空的...

A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned.

将你的mysql_real_escape_string()放在连接后。

$con = mysql_connect("localhost","username","password");
if (!$con) { ...}

mysql_select_db("db name", $con);
//-------------- next after connect not before !!! --------
$fName = mysql_real_escape_string($_POST['fName']);
[...]
$email = mysql_real_escape_string($_POST['email']);
$bool = true;

$sql="INSERT INTO customer (...) VALUES (...)";

使用 PHP 将行添加到 MySQL 数据库，但没有来自 html 表单的其他数据

Row being added to MySQL database but no other data from the html form using PHP

php

mysql

针对您的问题！