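<?php
/**
 * Insert one student record into t_student, then print the whole table as HTML.
 *
 * The values are bound as query parameters, so they are never concatenated
 * into the SQL text. Values read back from the database are HTML-escaped when
 * they are written to the page.
 *
 * On a connection or query failure the details are written to the server log
 * and the script stops with a generic message.
 *
 * @param string $sid  Student id as submitted (raw, not HTML-encoded).
 * @param string $name Student name as submitted (raw, not HTML-encoded).
 * @param string $age  Student age as submitted (raw, not HTML-encoded).
 * @return void
 */
function insert_db($sid, $name, $age)
{
    // Load the connection settings and the PEAR DB library.
    // presumably db_info.php defines $db_username, $db_password, $db_host
    // and $db_database; verify against that file.
    include('db_info.php');
    include('DB.php');

    // Connect to MySQL. DB::connect() reports failure by returning a DB_Error
    // object, which is truthy, so the result has to be tested with DB::isError().
    $DBconnection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
    if (DB::isError($DBconnection)) {
        error_log('insert_db: connect failed: ' . $DBconnection->getMessage());
        die("Could not connect to database");
    }

    // Undo magic-quotes slashes on legacy PHP so they are not stored in the
    // table. The function no longer exists in PHP 8, hence the guard.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $sid = stripslashes($sid);
        $name = stripslashes($name);
        $age = stripslashes($age);
    }

    // Bind the submitted values as parameters instead of escaping them by hand.
    // mysql_real_escape_string() belongs to the removed ext/mysql and works on
    // its own connection, not on the PEAR DB handle used here.
    // NOTE(review): the column list is not visible here; naming the columns
    // explicitly would keep this insert stable if the table layout changes.
    $query = "insert into t_student values(?, ?, ?)";
    $result = $DBconnection->query($query, array($sid, $name, $age));
    if (DB::isError($result)) {
        // Keep the SQL text and driver message out of the response.
        error_log('insert_db: insert failed: ' . $result->getMessage());
        die("Could not query the database");
    }
    echo "Inserted OK";

    $query = "select * from t_student";
    $result = $DBconnection->query($query);
    if (DB::isError($result)) {
        error_log('insert_db: select failed: ' . $result->getMessage());
        die("Could not query the database");
    }

    echo '<table border="1">';
    echo "<tr><th>sid</th> <th>name</th> <th>age</th></tr>";
    while ($result_row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
        // Stored values came from users: encode them for the HTML context on
        // the way out, otherwise a stored value can inject markup into the page.
        // NOTE(review): the header says "sid" but the row is read with key "id";
        // confirm the real column name.
        echo "<tr><td>";
        echo htmlspecialchars((string) $result_row["id"], ENT_QUOTES, 'UTF-8') . '</td><td>';
        echo htmlspecialchars((string) $result_row["name"], ENT_QUOTES, 'UTF-8') . '</td><td>';
        echo htmlspecialchars((string) $result_row["age"], ENT_QUOTES, 'UTF-8') . '</td></tr>';
    }
    echo "</table>";

    $DBconnection->disconnect();
}
?>
<html>
<head>
<title>Insert from a form</title>
</head>
<body>
<?php
// Read the raw submitted values. HTML encoding is an output concern; encoding
// here would store entities such as "&amp;" in the database. Missing keys and
// array-valued parameters (e.g. ?sid[]=x) are treated as empty.
$sid = (isset($_GET["sid"]) && is_string($_GET["sid"])) ? $_GET["sid"] : '';
$name = (isset($_GET["name"]) && is_string($_GET["name"])) ? $_GET["name"] : '';
$age = (isset($_GET["age"]) && is_string($_GET["age"])) ? $_GET["age"] : '';

if ($sid !== '' && $name !== '' && $age !== '') {
    insert_db($sid, $name, $age);
} else {
    // PHP_SELF contains the request path, which the client controls, so it is
    // escaped before being placed in the action attribute.
    // NOTE(review): this form changes data through GET; a POST form with a
    // CSRF token is the usual choice for a state-changing request.
    $form_action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8');
    echo '
<h1>my insert demo</h1>
<form action="' . $form_action . '" method="GET" >
<label>sid:<input type="text" name="sid" ></label>
<label>name:<input type="text" name="name"></label>
<label>age:<input type="text" name="age"></label>
<input type="submit" value="GO">
</form>
';
}
?>
</body>
</html>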
php+mysql处理表单(代码)