问题描述
我有一个滑块,其中一个位于标签中。我想将滑块放入数据库。 在“index.PHP”中:
<form class="" action="insert.PHP" method="$_POST">
<input type="range" min="1" max="10" value="5" class="slider" id="myRange" name="myrange">
<p>Value: <span id="demo"></span></p>
<button id="btn1">Click Here</button>
</form>
并在insert.PHP中:
<?PHP
$getRangeValue = $_GET['myRange'];
$MysqLi = new MysqLi("localhost","root","passwd","table_name");
//
// Check connection
if ($MysqLi -> connect_errno) {
echo "Failed to connect to MysqL: " . $MysqLi -> connect_error;
exit();
}
$MysqLi -> query("INSERT INTO ertekek (RangeValue,anotherValue) VALUES ($getRangeValue,11)");
echo "New record has id: " . $MysqLi -> insert_id;
$MysqLi -> close();
?>
网址:“http://localhost/insert.PHP?myrange=10”
它正在运行,并生成一行,但该行完全是空的......所以我不知道发生了什么......
解决方法
正确的代码:
<form class="" action="insert.php" method="POST">
<input type="range" min="1" max="10" value="5" class="slider" id="myRange" name="myrange">
<p>Value: <span id="demo"></span></p>
<button id="btn1">Click Here</button>
</form>
并在insert.php中:
<?php
$getRangeValue = $_POST['myrange'];
$mysqli = new mysqli("localhost","root","passwd","table_name");
//
// Check connection
if ($mysqli -> connect_errno) {
echo "Failed to connect to MySQL: " . $mysqli -> connect_error;
exit();
}
$query = $mysqli->prepare("INSERT INTO ertekek (RangeValue,anotherValue) VALUES (?,11)");
$query->bind_param('i',$getRangeValue);
$query->execute();
echo "New record has id: " . $mysqli -> insert_id;
$mysqli -> close();
?>
我改变了什么?
- 我更改了方法
method="POST"
而不是method="$_POST"
- 将变量
GET
上的POST
更改为$getRangeValue
- 使用准备语句代替简单且不安全的查询
推荐您阅读的链接