1. 首页
  2. 问答
  3. PHP-无法将数据输入到数据库

PHP-无法将数据输入到数据库

2017-06-23 92 views
-1

我已经发布前,类似的问题..但随后马上有一个与代码的问题......中的数据被输入到MySQL数据库...PHP-无法将数据输入到数据库

PHP FILE:

<html> 

<head> 
    <title>Enter New Project Details</title> 
</head> 

<body> 
<?php include 'RegProj.html'; 

$pn=isset($_POST['ProjectName']) ? $_POST['ProjectName'] : ''; 
$tn=isset($_POST['TaskName']) ? $_POST['TaskName'] : ''; 
$dsc=isset($_POST['Proj_desc']) ? $_POST['Proj_desc'] : ''; 
$date = date('Y-m-d H:i:s'); 
$serverName = "Swagatha-PC"; 
if($_SERVER['REQUEST_METHOD']=="POST") 
{ 

$conn = mysqli_connect('localhost:3307', 'root', '', 'TimeSheet'); 

if($conn) 
{ 
echo "Connection established.<br />"; 
} 
else 
{ 
echo "Connection could not be established.<br />"; 
die(print_r(mysqli_connect_errno($conn), true)); 
} 

$query="Insert Into dbo.Project (DateAdded,ProjectName,TaskName,Proj_desc) 
values ('$date','$pn' ,'$tn' , '$dsc')"; 
$stmt=mysqli_query($conn,$query); 


if($stmt==false) 
{ 
echo "Error in adding Info!! Reload Page and try again!!<br/>"; 
die(print_r(mysqli_connect_errno($stmt), true)); 
} 
else 
{ 
echo " Record Added!!"; 
} 
mysqli_close($conn); 

} 
?> 
</body> 
</html>

HTML文件:

<html> 

    <head> 
     <title>Enter New Project Details</title>  
    </head> 

<body> 
<form id="project" method = "post" action = "RPMS.php"> 
     <table> 
      <tr> 
       <td>Project Name:</td> 
       <td><input type = "text" name = "ProjectName"></td> 
      </tr> 

      <tr> 
       <td>Task Name:</td> 
       <td><input type = "text" name = "TaskName"></td> 
      </tr> 

      <tr> 
       <td>Project description:</td> 
       <td><textarea name = "Proj_desc" rows = "5" cols = "40"></textarea></td> 
      </tr> 

      <tr> 
       <td> 
        <input type = "submit" name = "submit" value = "Submit" > 
       </td> 
      </tr> 
     </table> 
     </form> 

</body> 
</html>

的错误看起来是这样的:

Error Occuring

我该如何解决?

来源

2017-06-23 Swagatha S

+0

你尝试echo'ing的SQL语句和手动运行呢? –

+1

尝试使用准备好的语句。这将导致sql注入 – lalithkumar

+0

添加'ini_set('display_errors',1);函数ini_set( 'log_errors',1);使用error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);'到脚本的顶部。这会强制任何'mysqli_'错误到 生成一个您可以在浏览器上看到的异常,并且其他错误也会在您的浏览器中显示。 – RiggsFolly

回答

-1

你应该mysqli_real_escape_string全部为$ _POST数据。如果有任何containt单引号 - 将是sql语法错误。 SQL注入也是可能的。

来源

2017-06-23 17:26:03

+0

这不会纠正[SQL注射攻击](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) 看看发生了什么[小Bobby表](http:// bobby-tables.com/)即使 [如果你逃避投入,它不安全!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-字符串) 使用[编写参数化语句](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly

1

你必须改变你的数据库名称

$query="Insert Into dbo.Project (DateAdded, ProjectName, TaskName, Proj_desc) values ('$date','$pn' ,'$tn' , '$dsc')"; 


$query="Insert Into TimeSheet.Project (DateAdded, ProjectName, TaskName, Proj_desc) values ('$date','$pn' ,'$tn' , '$dsc')";

来源

2017-06-23 17:27:32

+0

只要删除'dbo.'就足够了 – RiggsFolly

+0

Yaah就够了 –

相关问题

 相关问题