Why are only two column values saved to the database when I submit the form?

Question  Votes: 0  Answers: 1

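I have been trying to solve this problem for a week now, so I hope I can find a solution here. I have an HTML file containing a registration form that uses the "POST" method. I intend to use a PHP file to store the user's information in a database called "pizza_project". However, every time I submit the form, only two values are stored: the password and the sort code (which are also hashed before being stored). In addition, although zero and default values are supposedly not allowed in my database, "0" is stored in the AccountNumber column every time I submit the form. The other columns remain blank.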

Here is my HTML form:

<div class="reg_container">
  <form id="form_register" class="register_section" action="http://localhost/pizza_register.php" method="post">
    <div class="reg_form_item">
        <div class="reg_form_itself">
        <p class="h3">PERSONAL INFORMATION</p>
            <label for="customer_name"></label>
            <input type="text" id="customer_name" name="customer_name" placeholder="Full name" class="bigger_field" required>   

            <label for="customer_phone"></label>
            <input type="tel" id="customer_phone" name="customer_phone" placeholder="Phone number" class="bigger_field" required>

            <label for="customer_email"></label>
            <input type="email" id="customer_email" name="customer_email" placeholder="Email address" class="bigger_field" required>

            <label for="password"></label>
            <input type="password" id="password" name="password" placeholder="Password" class="bigger_field" required>
        </div>
    </div>
    <div class="reg_form_item"><div class="line"></div></div>
    <div class="reg_form_item">
        <div class="reg_form_itself"> 
        <p class="h3">DELIVERY, PAYMENT</p>
            <label for="full_address"></label>
            <textarea id="full_address" name="full_address" rows="3" placeholder="Full address" class="input-field" required></textarea>
            
            <label for="account_number"></label>
            <input type="text" id="account_number" name="account_number" placeholder="Account number" class="bigger_field" required>
            
            <label for="sort_code"></label>
            <input type="password" id="sort_code" name="sort_code" placeholder="Sort Code" class="bigger_field" required>

            <input class="input-submit" type="submit" name="submit" value="SAVE">
        </div>
    </div>
</form>
</div>

Here is my PHP file:

<?php
$con = mysqli_connect("localhost","root","","pizza_project") 
or die("Error " . mysqli_connect_error()); // $con is false on failure, so mysqli_error($con) cannot be used here

$customer_name = mysqli_real_escape_string($con,$_POST["customer_name"]);
$customer_phone = mysqli_real_escape_string($con,$_POST["customer_phone"]);
$customer_email = mysqli_real_escape_string($con,$_POST["customer_email"]);
$password = mysqli_real_escape_string($con,$_POST["password"]);
$full_address = mysqli_real_escape_string($con,$_POST["full_address"]);
$account_number = mysqli_real_escape_string($con,$_POST["account_number"]);
$sort_code = mysqli_real_escape_string($con,$_POST["sort_code"]);

$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$hashed_sort_code = password_hash($sort_code, PASSWORD_DEFAULT);

$sql = $con->prepare("INSERT INTO customers (CustomerName, CustomerPhone, CustomerEmail, hashed_password, FullAddress, AccountNumber, hashed_sort_code) VALUES (?, ?, ?, ?, ?, ?, ?)");
$sql->bind_param("sssssis", $customer_name, $customer_phone, $customer_email, $hashed_password, $full_address, $account_number, $hashed_sort_code);


if ($sql->execute()) {
    header("Location: http://localhost/pizza_home_p.html");
    exit();
} else {
    error_log("Error: " . $sql->error);
    echo "New record was not created successfully";
}

$sql->close();
mysqli_close($con);

This is how the data is stored to the DB

Thanks, everyone, for your help.

php html mysql forms
1 answer
0 votes

If you notice, only the values without mysqli_real_escape_string are saved, which gives you an idea of what is happening.

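I tell you that 'mysqli_real_escape_string' should not be used together with bind_param. The bind_param function in MySQLi is used to bind parameters to a prepared SQL statement and automatically escapes the values to prevent SQL injection. So there is no need to use mysqli_real_escape_string when using bind_param; otherwise you get these inconsistencies.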

So you can do this in two ways:

Without MYSQLI_REAL_ESCAPE_STRING:

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "your_database";

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Failed: " . $conn->connect_error);
}

$customer_name = $_POST['customer_name'];
$customer_phone = $_POST['customer_phone'];
$customer_email = $_POST['customer_email'];
$full_address = $_POST['full_address'];
$account_number = $_POST['account_number'];
$sort_code = $_POST['sort_code'];
$password = $_POST['password'];

$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$hashed_sort_code = password_hash($sort_code, PASSWORD_DEFAULT);

$sql = $conn->prepare("INSERT INTO customers (CustomerName, CustomerPhone, CustomerEmail, hashed_password, FullAddress, AccountNumber, hashed_sort_code) VALUES (?, ?, ?, ?, ?, ?, ?)");

$sql->bind_param("sssssis", $customer_name, $customer_phone, $customer_email, $hashed_password, $full_address, $account_number, $hashed_sort_code);

if ($sql->execute()) {
    echo "¡Success!";
} else {
    echo "Error: " . $sql->error;
}

$conn->close();
?>

With MYSQLI_REAL_ESCAPE_STRING but without BIND_PARAMS or PREPARE:

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "your_database";

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Failed: " . $conn->connect_error);
}

// Escape only the values that go into the SQL string as they are.
$customer_name = mysqli_real_escape_string($conn, $_POST['customer_name']);
$customer_phone = mysqli_real_escape_string($conn, $_POST['customer_phone']);
$customer_email = mysqli_real_escape_string($conn, $_POST['customer_email']);
$full_address = mysqli_real_escape_string($conn, $_POST['full_address']);
$account_number = mysqli_real_escape_string($conn, $_POST['account_number']);

// Hash the raw input, then escape the hash, so that no plain-text secret is stored.
$hashed_password = mysqli_real_escape_string($conn, password_hash($_POST['password'], PASSWORD_DEFAULT));
$hashed_sort_code = mysqli_real_escape_string($conn, password_hash($_POST['sort_code'], PASSWORD_DEFAULT));

// Column names as used in the question's customers table.
$sql = "INSERT INTO customers (CustomerName, CustomerPhone, CustomerEmail, hashed_password, FullAddress, AccountNumber, hashed_sort_code) 
        VALUES ('$customer_name', '$customer_phone', '$customer_email', '$hashed_password', '$full_address', '$account_number', '$hashed_sort_code')";

if ($conn->query($sql) === TRUE) {
    echo "¡Success!";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>
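
The following is an added example, not code from the question or the answer. It shows what happens to the values when input is escaped by hand and then hashed or bound to a prepared statement as well. The function names and the sample input are constructed, addslashes() is used as a stand-in for mysqli_real_escape_string() so the script runs without a database, and the (int) cast models binding a value with type "i".

```php
<?php
// Added example; the function names and the sample input are constructed.
// addslashes() stands in for mysqli_real_escape_string(), which needs a live
// connection; both put a backslash in front of quote characters.

$post = [ // constructed sample, shaped like the form's $_POST
    'customer_name'  => "Conor O'Brien",
    'password'       => "it's-a-secret",
    'account_number' => '00123456',
];

// Values prepared the way the question's code does it: escape, then hash/bind.
function prepare_escaped(array $post): array
{
    $e = array_map('addslashes', $post);
    return [
        'name' => $e['customer_name'],
        'hash' => password_hash($e['password'], PASSWORD_DEFAULT),
        'acct' => (int) $e['account_number'], // models binding with type "i"
    ];
}

// Values prepared for a prepared statement only: raw input, nothing escaped.
function prepare_raw(array $post): array
{
    return [
        'name' => $post['customer_name'],
        'hash' => password_hash($post['password'], PASSWORD_DEFAULT),
        'acct' => $post['account_number'], // kept as a string, digits as typed
    ];
}

$bad  = prepare_escaped($post);
$good = prepare_raw($post);

// A bound parameter is stored as given, so the backslash added by escaping
// becomes part of the saved name.
var_dump($bad['name'], $good['name']);

// The first hash was computed over the escaped password, so it is checked
// here against the password exactly as the user would type it at login.
var_dump(password_verify($post['password'], $bad['hash']));
var_dump(password_verify($post['password'], $good['hash']));

// An integer conversion changes an account number that starts with zeros.
var_dump($bad['acct'], $good['acct']);
```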