我运行以下代码,但它显示数组值,而不是将数据存储到mysqldb中。
<?php
if(! empty( $_POST)){
print_r($_POST);exit;
$mysqli = new mysqli('localhost', 'root','','mydb');
if($mysqli->connect_error){
die('connect error:'. $mysqli->connect_errno .':' . $mysqli->connect_error);
}
}
?>
register.php:
<?php
require('db.php');
$conn=mysqli_connect("localhost","root","");
$name = $_POST['name'];
$name1 = $_POST['skill'];
$name2= $_POST['exp'];
$name3 = $_POST['sele'];
$sql = "INSERT INTO register VALUES('".$name."','".$name1."','".$name2."','".$name3."')";
$insert = $mysqli->query($conn,$sql);
echo $insert;
?>
在浏览器中获取数组结果
连接对象已定义- $mysqli。为什么又是$conn ?-
$sql = "INSERT INTO register VALUES('".$name."','".$name1."','".$name2."','".$name3."')";
$insert = $mysqli->query($sql);
procedural方法,则需要 $conn。
mysqli
直接替换:$insert = $mysqli->query($conn,$sql);
:
$insert = $mysqli->query($sql);
让我们从头开始。
- 使用PDO(可选)。你看起来像个新手,所以先打好基础。
- 检查_POST变量是否存在(并最终检查类型(不是数组))
- 使用bindparam自动插入数据(没有sql注入的风险)
$fields = ["name", "skill", "exp", "sele"];
$params = [];
foreach($fields as $field) {
if(!isset($_POST[$field])) {
exit("Field required: $field");
}
$params[":$field"] = $_POST[$field];
}
$pdo = new PDO("mysql:host=localhost;dbname=database", 'username', 'password');
$sth = $pdo->prepare('
INSERT INTO register VALUES(:name, :skill, :exp, :sele);
');
$sth->execute($params);
如果你还想继续使用mysql…
$fields = ["name", "skill", "exp", "sele"];
$params = [];
foreach($fields as $field) {
if(!isset($_POST[$field])) {
exit("Field required: $field");
}
$params[":$field"] = $_POST[$field];
}
$mysqli = new mysqli('localhost','username','password','database');
$query = $mysqli->prepare('
INSERT INTO register VALUES(?, ?, ?, ?);
');
call_user_func_array(array($query, "bind_param"), $params);
$query->execute();