使用 PHP 将 HTML 表单数据插入 MySQL

Question

我正在尝试制作一个简单的留言板 MySQL 数据库，您可以在其中撰写评论并通过 HTML 表单在一页上提交，并在提交评论后在单独的页面上查看所有评论。

我的问题是 HTML 表单中的两个字段没有插入到我的 MySQL 数据库中，这导致我查看所有评论页面缺少名称和标题。

链接到“阅读所有评论”页面的外观。

当我测试它只用 PHP 执行 MySQL 查询时，代码工作没有任何问题，但我需要我的 HTML 表单才能工作。

HTML表单：

<form action ="process.php" method = "post">
            <fieldset>
                <legend>Review Field</legend>
                Reviewer Name: <br />
                <input type="text" name "name" id = "name"><br />
                Title of Review:<br />
                <input type="text" name "title" id = "title"><br />
                Enter your review below:
                 <!--Textbox start-->   
                 <textarea name="body" id = "body" rows="10" cols="100">
                 </textarea>
                  <!--Textbox end-->    
                <br />
                <input type="submit" name = "submit" id="submit">
                <br />
            </fieldset>
            </form>

process.php 的代码：

<?php // Create a database connection.
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "password";
$dbname = "ya_reviews";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

//Test if connection occurred.
if (mysqli_connect_errno()) {
die("Database connection failed: " .
mysqli_connect_error() .
" (" . mysqli_connect_errno() . ")"
);
}

//Perform database query
$name = $_POST['name'];
$title = $_POST['title'];
$body = $_POST['body'];

//This function will clean the data and add slashes.
// Since I'm using the newer MySQL v. 5.7.14 I have to addslashes
$name = mysqli_real_escape_string($connection, $name);
$title = mysqli_real_escape_string($connection, $title);
$body = mysqli_real_escape_string($connection, $body);

//This should retrive HTML form data and insert into database
$query  = "INSERT INTO reviews (name, title, body) 
            VALUES ('".$_POST["name"]."','".$_POST["title"]."','".$_POST["body"]."')";

        $result = mysqli_query($connection, $query);
        //Test if there was a query error
        if ($result) {
            //SUCCESS
        header('Location: activity.php');
        } else {
            //FAILURE
            die("Database query failed. " . mysqli_error($connection)); 
            //last bit is for me, delete when done
        }

mysqli_close($connection);
?>

查看所有评论：

<?php

        //This will fetch the data from the database 
        $query = "SELECT * FROM reviews";
        $result = mysqli_query($connection, $query);
        //Test if there was a query error
        if (!$result) {
            die("Database query failed.");
        }

        // This will let me display the data.
        // The loop will be spilt so I can format with HTML
        while ($row = mysqli_fetch_assoc($result)) {
            //output data from each row
        ?>

        Name: <?php echo $row["name"] . "<br />"; ?>
        Title: <?php echo $row["title"] . "<br />"; ?>
        Review: <?php echo $row["body"] . "<br />";
            echo "<hr>"; ?>
        <?php
        } ?>

注意：我用上面代码之前在 process.php 中看到的相同代码连接到数据库，我排除了它以节省空间。

Answer 1

您的 HTML 属性语法不正确。它=在attribute和之间缺少符号value。

更改name "name"到name="name"和name "title"到name="title"

<input type="text" name="name" id = "name"><br />
            Title of Review:<br />
<input type="text" name="title" id = "title"><br />

同样在insert您没有使用转义值期间。

在插入查询中使用$name代替$_POST["name"]。标题和正文值也是如此。