开发者

Inserting a record into a a Dbase using a html form (MYSQL/PHP)

问答 作者:

As the title says i'm trying to insert a record into a mysql database via a html form.

Here is the html form portion of the file: Addstudent.html

/div>
<div id="main">
    <h2>Add another student?</h2>
    <p>Please fill out the requested fields.</p>
   <form action="Insertstudent.php" method="post">
  StudentId:     <input type="text" name="studentid"><br>
  Password:      <input type="text" name="password"><br>
  Dob:           <input type="text" name="dob"><br>
  Firstname:     <input type="text" name="firstname"><br>
  Surname:       <input type="text" name="surname"><br>
  Address:       <input type="text" name="address"><br>
  Town:          <input type="text" name="town"><br>
  County:        <input type="text" name="county"><br>
  Country:       <input type="text" name="country"><br>
  Postcode:      <input type="text" name="postcode"><br>
  <input type="Submit">

Here is part of the file Insertstudent.php

<?php
// Insert record using this script

session_start();
include("dbconnect.inc");


// If the form has been submitted
if ($_POST[submit]){
// Build an sql statment to insert a new student to the database
$sql="INSERT INTO student values '" . $_SESSION[id] ."' . '$_POST[studentid]'.'$_POST[password]' . '$_POST[dob]' . '$_POST[firstname]' . '$_POST[lastname]' . '$_POST[house]' . '$_POST[county]' . '$_POST[country]' . '$_POST[postcode]')";
$result = mysql_query($sql,$conn);
 ?>

The main trouble I'm having is with the Insert script - I'm obviously doing something wrong with that because my database doesn't update.

Thank you in advance to anyone w开发者_开发百科ho replies to this - much appreciated.

Separate the values to insert by commas, not periods. E.g.:

INSERT INTO table_name
VALUES (value1, value2, value3,...)

try the following syntax for inserting records into your database. 

INSERT INTO table_name(col1,col2,col3) VALUES(val1,val2,val3);

when you make a post request from a mysql page you should be doing something like this.

INSERT INTO student(studentid,password,dob,firstname,surname,address,town,country,postcode) VALUES($_POST['studentid'],$_POST['password'],$_POST['dob'],$_POST['firstname'],$_POST['surname'],$_POST['address'],$_POST['town'],$_POST['country'],$_POST['postcode']);

but be aware this way you are allowing the users to input malicious code, if you do it like this they could easily do some mischief with your database like, deleting or altering the records. to overcome this you can use a built in PHP function called mysql_real_escape_string()

Syntax is: 

INSERT INTO table (field1, field2) VALUES (value1, value2)

NOTICE: separate values with commas (,) not periods (.)

继续阅读:databasephp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9