我有一个页面,其中有一个输入文本框,该数据需要插入或更新现有行。
我稍后会回应,那就是在控制之下。
<form method="post" name="tapahtuma">
Submit:
<input type="text" name="auts[]">
<input type="button" value="Ilmoita">
</form >
<?php
if(isset( $_POST["tapahtuma"]) ) {
$link = mysql_connect("localhost","root","","db");
mysqli_query($link, "INSERT INTO table (column) VALUES ('".$auts."')");
$auts = mysql_real_escape_string($_POST['auts']);
mysqli_close($link);
}
?>
最佳答案
根据提供的代码。
变化
将<input type="button" value="Ilmoita">更改为<input type="submit" name="Ilmoita" value="Ilmoita">
将if(isset( $_POST["tapahtuma"]) ) {更改为if(isset( $_POST["Ilmoita"]) ) {
将$link = mysql_connect("localhost","root","","db");更改为$link = mysqli_connect("localhost","root","","db");
将$auts = mysql_real_escape_string($_POST['auts']);放在mysqli_query之前
更新的代码
<form method="post" name="tapahtuma">
<input type="text" name="auts">
Submit: <input type="submit" name="Ilmoita" value="Ilmoita">
</form >
<?php
if(isset( $_POST["Ilmoita"]) ) {
$link = mysqli_connect("localhost","root","","db");
$auts = mysql_real_escape_string($_POST['auts']);
mysqli_query($link, "INSERT INTO table (column) VALUES ('".$auts."')");
mysqli_close($link);
}?>
我建议您使用prepared statements来避免SQL Injections
<form method="post" name="tapahtuma">
<input type="text" name="auts">
Submit: <input type="submit" name="Ilmoita" value="Ilmoita">
</form>
<?php
if(isset($_POST["Ilmoita"])) {
$link = mysqli_connect("localhost","root","","db") or die("connection failed: " . mysqli_connect_error());
$result = mysqli_prepare($link, "INSERT INTO `table` (`column`) VALUES (?)");
mysqli_stmt_bind_param($result, "s", $_POST['auts']);
mysqli_stmt_execute($result);
mysqli_close($link);
}?>
快速链接
mysqli_prepare
How can I prevent SQL injection in PHP?