最受欢迎

提交后回显,但不在数据库中写入信息

Submit post echo but does not write information in database

本文关键字:数据库 信息 提交 | 更新日期: 2023-09-27

我在更新数据库中的信息时遇到问题。回声成功弹出,但数据库行保持空白-为什么?PHP代码:

<?php
    if (isset($_POST['gender'])) {
        // Sanitize and validate the data passed in
        $gender = filter_input(INPUT_POST, 'gender', FILTER_SANITIZE_STRING);
        if ($stmt) {
            $stmt->bind_param('s', $gender);
            $stmt->execute();
            $stmt->store_result();
            if ($insert_stmt = $mysqli->prepare("INSERT INTO  members gender VALUE ?")) {
                $insert_stmt->bind_param('s', $gender);
            }
        }
        echo "<div class='notemarg'> Your gender has been submitted</div>";
    } 
?>

和输入形式:

<form action="" method="POST">
  <input type="radio" name="gender" value="male"> Male <br>
  <input type="radio" name="gender" value="female"> Female <br>
  <input type="submit" name="gender" value="Set gender" class="button">
</form>

我想使用mysqli->prepare来防止SQL注入。

我用另一种方式修复了它,其中有预定义的按钮输入。

<?php
    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
     if (isset($_POST['Female'])) {
     $gender = $_POST['Female'];
     $sql = "UPDATE members SET gender = '$gender' WHERE username = '".$_SESSION['username']."'"; 

    if ($conn->query($sql) === TRUE) {
        echo "<div class='notemarg'> Your gender has been submitted</div>";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
    $conn->close();
}
    ?>

简单的形式:

<form action="" method="POST">
 <input type="submit" name="Female" value="Female" class="button">
</form>

感谢所有想帮助我的人,尤其是阿南特·库马尔·辛格。如果没有他的建议,我无法改变主意。谢谢

更新#1

它只是弹出回声"错误"

<?php
if(isset($_POST['Female'])){
    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
     if (isset($_POST['Female'])) {
     $gender = $_POST['Female'];
     $stmt = $conn->prepare('UPDATE members
     SET gender = ?
     WHERE username = ?'); 
$stmt->bind_param('s', $_POST['Female']);
 $stmt->bind_param('s', $_SESSION['username']);
    if ($conn->prepare === TRUE) {
        echo "<font color='#00CC00'>Your gender has been updated.</font><p>";
    } else {
        echo "Error: " . $conn->prepare . "<br>" . $conn->error;
    }
    $conn->close();
}
}
?>

不知道哪里出了问题。。。更新#2

if(isset($_POST['Female'])){
    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";
  // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
     if (isset($_POST['Female'])) {
     $gender = $_POST['Female'];
     $sql = "
     UPDATE members
     SET gender = ?
     WHERE username = ?
 ";
 $stmt = $mysqli->prepare($sql);
 $stmt->bind_param('s', $_POST['Female']);
 $stmt->bind_param('s', $_SESSION['username']);
 $stmt->execute();
    if ($mysqli->prepare($sql) === TRUE) {
        echo "<font color='#00CC00'>Your gender has been updated.</font><p>";
    } else {
        echo "Error: " . $conn->prepare . "<br>" . $conn->error;
    }
    $conn->close();
}
}

更新#3

我还在代码中添加了一些注释,因此

     <?php
    // I had here twice the ifisset here and
        if(isset($_POST['Female'])){
        $servername = "";
        $username = "";
        $password = "";
        $dbname = "";
       // Create connection
        $conn = new mysqli($servername, $username, $password, $dbname);
        // Check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }
    //here the second one so I deleted that ifisset here...
         $gender = $_POST['Female'];
         $sql = "
         UPDATE members
         SET gender = ?
         WHERE username = ?
     ";
     $stmt = $mysqli->prepare($sql);
     $stmt->bind_param('s', $_POST['Female']);
     $stmt->bind_param('s', $_SESSION['username']);
     $ok = $stmt->execute();
        if ($ok == TRUE) {
            echo "<font color='#00CC00'>Your gender has been updated.</font><p>";
        } else {
            echo "Error: " .$stmt->error; // This is the line that shows the error
        }
        $conn->close();
    }
?>

我不确定是什么问题。。。它在回波上弹出错误"没有为准备好的语句中的参数提供数据"

在发布了一个带有巨大安全漏洞的答案后,值得花点时间来修复它。修复它的一种方法,因此您可以使用字符串串联方法,但它通常不如参数化好。

你所需要做的就是接受你的工作查询,并将其转换为参数化的形式

 // Expects valid $mysqli object here
 $sql = "
     UPDATE members
     SET gender = ?
     WHERE username = ?
 ";
 $stmt = $mysqli->prepare($sql);
 // ** As we discovered, the binding needs to happen in one
 // ** call, not across several
 $stmt->bind_param('ss', $_POST['Female'], $_SESSION['username']);
 $stmt->execute();

查看您的原始代码,似乎有两个问题:该语句根本没有准备好(因此程序应该以致命错误退出),以及原始SQL语句中存在语法错误。

在新代码中,您错过了execute()调用。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习