问题
Hi I am a beginner in PHP and MySQL, I am currently designing a website for an assignment. The website should allow you to view the database, add and delete records from the database.
The following code simply creates a form page for adding records but cannot actually add a record to the database.
Can anyone Please tell me what I am missing, what I need to add to the code and where it should be added and also any changes I should make.
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php
if(isset($_POST["ID"])) {
$ID = $_POST['ID'];
$ProductName = $_POST['ProductName'];
$Price = $_POST['Price'];
$Stock = $_POST['Stock'];
}
$error='';
if ($error != '');
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="New.php" method="post">
<div>
<strong>ID: </strong> <input type="int" name="ID"><br>
<strong>ProductName: </strong> <input type="VARCHAR" name="ProductName"><br>
<strong>Price: </strong> <input type="text" name="Price"><br>
<strong>Stock: </strong> <input type="int" name="Stock"><br>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
$con = mysqli_connect("localhost","root","");
if (!$con)
{
mysqli_select_db("stationaryonlinecustomers", $con);
}
if (isset($_POST['submit']))
{
$ID = mysqli_real_escape_string($con, htmlspecialchars($_POST['ID']));
$ProductName = mysqli_real_escape_string($con,htmlspecialchars($_POST['ProductName']));
$Price = mysqli_real_escape_string($con,htmlspecialchars($_POST['Price']));
$Stock = mysqli_real_escape_string($con,htmlspecialchars($_POST['Stock']));
}
$ID='';
if ($con == '' || $ID == '' || $ProductName == '' || $Price == '' || $Stock =='') {
$error = 'ERROR: Please fill in all required fields!';
}
else {
$u = "INSERT INTO productorders (ID, ProductName, Price, Stock)
VALUES
('$_POST[ID]','$_POST[ProductName]','$_POST[Price]','$_POST[Stock]')";
}
header("refresh:100;View.php");
?>
回答1:
you can write php code in New.php file because you have mentioned New.php file name in form action.so create New.php file and add following code
New.php
<?php
$con = mysqli_connect("localhost","root","");
if (!$con)
{
mysqli_select_db("stationaryonlinecustomers", $con);
}
if (isset($_POST['submit']))
{
$ID = mysqli_real_escape_string($con, htmlspecialchars($_POST['ID']));
$ProductName = mysqli_real_escape_string($con,htmlspecialchars($_POST['ProductName']));
$Price = mysqli_real_escape_string($con,htmlspecialchars($_POST['Price']));
$Stock = mysqli_real_escape_string($con,htmlspecialchars($_POST['Stock']));
}
$ID='';
if ($con == '' || $ID == '' || $ProductName == '' || $Price == '' || $Stock =='')
{
$error = 'ERROR: Please fill in all required fields!';
}
else{
$u = "INSERT INTO productorders (ID, ProductName, Price, Stock)
VALUES
($ID,$ProductName,$Price,$Stock)";
}
header("refresh:100;View.php");
?>
I have modified the insert query you can see that once in the above code
回答2:
It seems to be missing the query execution:
$con = mysqli_connect("localhost","root","");
if (!$con)
{
mysqli_select_db("stationaryonlinecustomers", $con);
}
if (isset($_POST['submit']))
{
$ID = mysqli_real_escape_string($con, htmlspecialchars($_POST['ID']));
$ProductName = mysqli_real_escape_string($con,htmlspecialchars($_POST['ProductName']));
$Price = mysqli_real_escape_string($con,htmlspecialchars($_POST['Price']));
$Stock = mysqli_real_escape_string($con,htmlspecialchars($_POST['Stock']));
if ($ID == '' || $ProductName == '' || $Price == '' || $Stock =='') {
$error = 'ERROR: Please fill in all required fields!';
}
else {
$u = "INSERT INTO productorders (ID, ProductName, Price, Stock) VALUES ('$ID','$ProductName','$Price','$Stock')";
mysqli_query($con,$u) or die(mysqli_error($con));
}
}
header("refresh:100;View.php");
来源:https://stackoverflow.com/questions/49319144/what-am-i-missing-from-this-code