使用 php 将单选按钮选择发布到网站上的数据库中

Question

我搜索了大约 50 个提到将单选按钮发布到数据库的网站。我想做的事情我认为很简单。我想让用户在整个 NFL 赛季中为每场比赛挑选一名获胜者。我已经通过堆栈溢出搜索了几天，还搜索了我正在寻找的几种变体。 W3Schools 这次没有任何帮助，因为他们的帖子没有显示如何将其连接到数据库。至少没有一个有效，而且我在网上找到的大部分代码要么不完整，要么不起作用。

landingpage.php
<?php
ob_start();
session_start();
require_once 'dbconnect.php';

// select loggedin users detail
$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $userRow['userName']; ?>@mywebsite</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type=
"text/css"  />
<link rel="stylesheet" href="home.css" type="text/css" />
    <script src="assets/jquery-1.11.3-jquery.min.js"></script>
    <script src="assets/js/bootstrap.min.js"></script>
</head>
<body>
    <!-- Navbar Beginning -->
    <nav class="navbar navbar-default navbar-fixed-top">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed"  
data-toggle="collapse" data-target="#navbar" aria-expanded="false" 
aria-controls="navbar">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="mywebsite">mywebsite</a>
        </div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li class="active"><a href="mywebsite">Message boards</a>
</li>&nbsp;
<li class="active"><a href="SBPicks.html">Superbowl Picks</a>
</li>
            </ul>

        <ul class="nav navbar-nav navbar-right">

            <li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" 
aria-haspopup="true" aria-expanded="false">
<span class="glyphicon glyphicon-user"></span>&nbsp;Hello  <?php echo 
$userRow['userName']; ?>&nbsp;<span class="caret"></span></a>
              <ul class="dropdown-menu">
<li><a href="logout.php?logout"><span class="glyphicon glyphicon-
log-out"></span>&nbsp;Sign Out</a></li>
              </ul>
            </li>
          </ul>
        </div><!--/ navbar collapse -->
      </div>
    </nav> 

    <div class="picks"
        <br><br>
        <br><br><br><br>
        <form action="weekly.php" method="post" enctype="text/plain">
            Game 1 <br> 
<input type="radio" name="game1" <?php if (isset($game1) && 

$game1=="Panthers") echo "checked";?> value="Panthers">Panthers
@ <input type="radio" name="game1" <?php if (isset($game1) && 
$game1=="Broncos") echo "checked";?> value="Broncos">Broncos
            <span class="error">* <?php echo $game1err;?></span>
            <br><br>
            <input type="submit" name="Submit" value="Submit Picks" />
        </form>
    </div>
</body>
</html>


pick.php
    <?php
    ob_start();
    session_start();
    require_once 'dbconnect.php';

    // select loggedin users detail
$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
    $userRow=mysql_fetch_array($res);

$user =$_SESSION['user'];
$game1 = $_POST['game1'];

$query = "INSERT INTO fbtest(usersid,game1)Values ('$user','$game1')";

if(mysql_query($query)){
echo "your picks have been submitted";}
else{
echo "fail";}
?>
<br><br>
<a href="home.php">back to landing page</a>

Answer 1

你在问自己这行有什么问题：

$query = "INSERT INTO fbtest(usersid,game1)Values ('$user','$game1')";

将变量直接注入查询会造成巨大的漏洞。

What is SQL Injection

How can I prevent SQL Injection?

---

但是让我们回到你的问题。

您的问题是表单的编码类型。您提供了 text/plain，它不是使用 POST 方法提交的表单的有效值。

根据this 错误报告：

标签中 enctype 的有效值为：

应用程序/x-www-form-urlencoded 多部分/表单数据

要以正确的方式处理表单并填充超全局变量，表单的 enctype 必须是 application/x-www-form-urlencoded - 顺便说一下，这是默认值 - 或 multipart/form -data - 如果你想上传文件。