php表单不将表单数据写入mysql数据库

Question

我必须在下面编写代码 - 已更新

PHP代码

    if(empty($_POST['formEmail'])) 
    {
        $errorMessage .= "<li>You forgot to enter your email</li>";
    }

    $varEmail = $_POST['formEmail'];

    if(empty($errorMessage)) 
    {

        $db = mysql_connect("servername","username","password");
        if(!$db) die("Error connecting to MySQL database.");
        mysql_select_db("tableName" ,$db);



    $sql = "INSERT INTO emails(email) VALUES ('$varEmail')";

    mysql_query($sql);


echo "Details added";
$_SESSION['status'] = 'success';
 }

exit();


    }

function PrepSQL($value)
{
    // Stripslashes
    if(get_magic_quotes_gpc()) 
    {
        $value = stripslashes($value);
    }

    // Quote
    $value = "'" . mysql_real_escape_string($value) . "'";

    return($value);
}
?>

表单代码

    <?php
if(!empty($errorMessage)) 
{
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
    }
    ?>

<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<p>
<label for='formEmail'>Sign up to be notified when we go live!</label><br/>
<input type="text" name="formEmail" maxlength="50" value="<?=$varEmail;?>" />
</p>
<input type="submit" name="formSubmit" value="Submit" />
</form>

我没有收到任何错误，据我所知，语法看起来不错，但它没有将电子邮件信息放入数据库。任何人都知道发生了什么事？作为旁注，我是所有 php 的新手。

Answer 1

您忘记运行查询了!放

mysql_query($sql);

紧接着

$sql = "INSERT INTO emails(email) VALUES ('$varEmail')";

确保通过 mysql_real_escape_string 运行 $_POST 变量:

$varEmail = mysql_real_escape_string($_POST['formEmail']);

这将有助于保护您免受 SQL Injection attacks 的侵害.

编辑

还有一件小事，我猜您想在表单成功提交时设置 session 变量success。为此，您需要移动

echo "Details added";
$_SESSION['status'] = 'success';

在与运行 SQL 查询相同的 if 结构中，否则它永远不会被设置