连接到数据库成功,但在 MySQL 中不可见
Connection to the DB is successful, but not visible in MySQL
我查看了几个与此相关的问题,大多数问题似乎都可以通过简单的语法错误得到解答。不过我不认为我的问题是语法。
我成功连接到我的数据库,但我似乎无法在 phpmyadmin(我正在查看 MySQL 的地方)中看到我的条目。我可以在另一个页面上将我的条目作为变量回显,但我相信我的输入不会进入数据库。
这是我的 html 代码:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>student info</title>
</head>
<body>
<br>
Enter your first name and last name in the corresponding boxes.
<br>
<form action="submit.php" method="POST">
First: <input type="text" name="firstname"/>
<br>
Last: <input type="text" name="lastname"/>
<br>
<input type="submit">
</form>
</body>
</html>
我的php数据库连接:
<?php
echo 'here';
$dsn = 'mysql:host=localhost;dbname=practice_students';
try {
$db = new PDO($dsn);
echo 'db connection success';
} catch (PDOException $e) {
$error_message = $e->getMessage();
include('database_error.php');
exit();
}
?>
还有我的 php 提交页面:
<?php
echo 'here ';
$dsn = 'mysql:host=localhost;dbname=practice_students';
try {
$db = new PDO($dsn);
echo 'db connection success';
$firstname = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING,
FILTER_SANITIZE_SPECIAL_CHARS);
$lastname = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING,
FILTER_SANITIZE_SPECIAL_CHARS);
echo "Now we know your name! Hi," . " " . $firstname . " " . $lastname;
} catch (PDOException $e) {
$error_message = $e->getMessage();
include('database_error.php');
exit();
}
?>
在我的本地主机都提示响应成功
here db connection successNow we know your name! Hi, Maggie Bowen
但是,当我尝试检查或 SELECT *.
时,MySQL 没有显示任何条目
如何查看我的条目?我知道我的一些消毒等可以改进,但我真的很想知道如何查看我的条目并确保它们被输入 table。谢谢!
您有数据 $firstname 和 $lastname。现在你必须 insert them into the database submitting a query using PDO::query().
像这样:
$q = "INSERT INTO people (column1, column2) VALUES ('$firstname', '$lastname')";
$db->query($q);
编辑使用准备好的语句来避免SQL注入攻击
Prepared statements are resilient against SQL injection, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped. If the original statement template is not derived from external input, SQL injection cannot occur.
所以审查的代码
$stmt = $db->prepare("INSERT INTO people (column1, column2) VALUES (:firstname, :lastname)";
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->execute();
感谢评论中的小伙伴们!
我查看了几个与此相关的问题,大多数问题似乎都可以通过简单的语法错误得到解答。不过我不认为我的问题是语法。
我成功连接到我的数据库,但我似乎无法在 phpmyadmin(我正在查看 MySQL 的地方)中看到我的条目。我可以在另一个页面上将我的条目作为变量回显,但我相信我的输入不会进入数据库。
这是我的 html 代码:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>student info</title>
</head>
<body>
<br>
Enter your first name and last name in the corresponding boxes.
<br>
<form action="submit.php" method="POST">
First: <input type="text" name="firstname"/>
<br>
Last: <input type="text" name="lastname"/>
<br>
<input type="submit">
</form>
</body>
</html>
我的php数据库连接:
<?php
echo 'here';
$dsn = 'mysql:host=localhost;dbname=practice_students';
try {
$db = new PDO($dsn);
echo 'db connection success';
} catch (PDOException $e) {
$error_message = $e->getMessage();
include('database_error.php');
exit();
}
?>
还有我的 php 提交页面:
<?php
echo 'here ';
$dsn = 'mysql:host=localhost;dbname=practice_students';
try {
$db = new PDO($dsn);
echo 'db connection success';
$firstname = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING,
FILTER_SANITIZE_SPECIAL_CHARS);
$lastname = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING,
FILTER_SANITIZE_SPECIAL_CHARS);
echo "Now we know your name! Hi," . " " . $firstname . " " . $lastname;
} catch (PDOException $e) {
$error_message = $e->getMessage();
include('database_error.php');
exit();
}
?>
在我的本地主机都提示响应成功
here db connection successNow we know your name! Hi, Maggie Bowen
但是,当我尝试检查或 SELECT *.
时,MySQL 没有显示任何条目如何查看我的条目?我知道我的一些消毒等可以改进,但我真的很想知道如何查看我的条目并确保它们被输入 table。谢谢!
您有数据 $firstname 和 $lastname。现在你必须 insert them into the database submitting a query using PDO::query().
像这样:
$q = "INSERT INTO people (column1, column2) VALUES ('$firstname', '$lastname')";
$db->query($q);
编辑使用准备好的语句来避免SQL注入攻击
Prepared statements are resilient against SQL injection, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped. If the original statement template is not derived from external input, SQL injection cannot occur.
所以审查的代码
$stmt = $db->prepare("INSERT INTO people (column1, column2) VALUES (:firstname, :lastname)";
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->execute();
感谢评论中的小伙伴们!