【发布时间】:2021-06-15 16:01:50
【问题描述】:
我正在尝试创建一个小项目,在这种情况下,我创建了一个表单,我从用户那里获取输入,然后将数据更新到数据库中,但它没有上传它并且它重定向到另一个页面。我我是 PHP 新手,请帮忙。
<?php include 'config.php'; ?>
<body>
<?php
if(isset($_POST['submit']))
{
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$email=$_POST['email'];
$phn=$_POST['phone'];
$amount=$_POST['amount'];
$sql="insert into donator(first_name,last_name,email,phone_no,amount) values('{$fname}','{$lname}','{$email}','{$phn}','{$amount}')";
$result=mysqli_query($db,$sql);
}
?>
<div id="header"></div>
<div class="testbox">
<form action="charge.php" method="post">
<div class="banner">
<h1>Donation Form</h1>
</div>
<br/>
<fieldset>
<legend>Donation Form</legend>
<div class="rows">
<div class="item">
<label for="fname">First Name<span>*</span></label>
<input id="fname" type="text" name="fname" required />
</div>
<div class="item">
<label for="lname"> Last Name<span>*</span></label>
<input id="lname" type="text" name="lname" required/>
</div>
<div class="item">
<label for="address">Email Address<span>*</span></label>
<input id="address" type="text" name="email" required />
</div>
<div class="item">
<label for="phone">Phone Number</label>
<input id="phone" type="tel" name="phone" required/>
</div>
</fieldset>
<br/>
<fieldset>
<legend>Donation Details</legend>
<div class="colums">
</div>
<div class="item">
<label for="amount">Donation Amount<span>*</span></label>
<input type="text" name="amount" value="20.00" required/>
</div>
<div class="item">
<label for="donation">Donation Comments</label>
<textarea id="donation" rows="3"></textarea>
</div>
</fieldset>
<div class="btn-block">
<button type="submit" name=submit>Donate Now</button>
</div>
</form>
</div>
<div id="footer"></div>
</body>【问题讨论】:
-
您的代码易受 SQL 注入攻击。你应该使用prepared statements
-
谢谢先生,它现在正在工作。