如何使用PHP和Ajax将表单数据插入MySQL数据库表?

我在使用PHP将数据插入数据库时​​遇到问题,不确定我是否遗漏了某些内容。

首先,我的代码使用ajax方法validation数据,但数据未插入数据库。

其次有phpvalidation作为后退工作,数据插入成功,请参阅下面的代码

PHP 

if(isset($_POST['submit'])){ if(trim($_POST['polltitle']) == ""){ $errortitle = "Please enter a poll question"; $hasError = true; } else{ $polltitle = $_POST['polltitle']; } if(trim($_POST['answerone']) == ""){ $erroropt_1 = "Please choose a response name"; $hasError = true; } else{ $answerone = $_POST['answerone']; } if(trim($_POST['answertwo']) == ""){ $erroropt_2 = "Please choose a response name"; $hasError = true; } else{ $answertwo = $_POST['answertwo']; } if(!isset($hasError)){ $sql = "INSERT INTO Poll (pollname, answer1 , answer2, answer3, active) VALUES ('".$polltitle."','".$answerone."','".$answertwo."','".$answerthree."','".$activatepoll."')"; mysql_query($sql) or die(mysql_error()); $successmg = "
1 record added
"; } } ?> 
 
Create a new poll question
 
        If you want the poll to be visible please check the box  
 
  $(document).ready(function() { $("#postfrm").submit(function(){ $(".error").hide(); var hasError = false; var nameVal = $("#qtitle").val(); var optVal1 = $("#opt1").val(); var optVal2 = $("#opt2").val(); var optVal3 = $("#opt3").val(); var viewpoll = $("#activepoll").val(); if(nameVal == '') { $("#qtitle").after('Please enter a poll question'); hasError = true; } if(optVal1 == '') { $("#opt1").after('Enter an answer'); hasError = true; } if(optVal2 == '') { $("#opt2").after('Enter an answer'); hasError = true; } if(hasError == false) { $(this).hide(); $.ajax({ type:"POST", url: "validatedata.php", data : ({ polltitle:nameVal, answerone:optVal1, answertwo:optVal2, answerthree:optVal3, $activatepoll:viewpoll }), success: function(){ alert("worked"); }, error :function(){ alert("nope :( "); }, complete : function(){ alert("thanks"); } }); } return false; }); });

为什么在activatepoll之前有问号? 

 data : ({ polltitle:nameVal, answerone:optVal1, answertwo:optVal2, answerthree:optVal3, $activatepoll:viewpoll }),

另外你应该发送变量$ _POST [‘submit’]: 

 data : ({ polltitle:nameVal, answerone:optVal1, answertwo:optVal2, answerthree:optVal3, activatepoll:viewpoll, submit: 'yeahhh' }),

您应该使用PDO (PDO是未来),因为您的代码非常不安全。 它易受SQL注入攻击: 

 $sql = "INSERT INTO Poll (pollname, answer1 , answer2, answer3, active) VALUES ('".$polltitle."','".$answerone."','".$answertwo."','".$answerthree."','".$activatepoll."')"; mysql_query($sql) or die(mysql_error());

您的代码也容易受到CSRF , XSS的影响 ,仅举几例。

下面我创建了一个有趣的kev值存储或其他东西。 它使用SQLite作为数据存储区,但您可以通过替换$ db将其替换为 SQL服务器。 或者您可以将SQLite-database( kv.sqlite3 )存储在database/文件夹中。

index.php文件: 

 session_start(); /* prevent XSS. */ $_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING); $_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING); /* prevent CSRF. */ if (!isset($_SESSION['token'])) { $token = md5(uniqid(rand(), TRUE)); $_SESSION['token'] = md5(uniqid(rand(), TRUE)); } else { $token = $_SESSION['token']; } /* prevent SQL-injection. */ $db = new PDO('sqlite:database/kv.sqlite3'); $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true); function createTable($db) { $db->exec("CREATE TABLE IF NOT EXISTS kv (id INTEGER PRIMARY KEY, key TEXT NOT NULL UNIQUE, value TEXT NOT NULL)"); } createTable($db); if (isset($_POST['token']) && isset($_POST['key']) && isset($_POST['value'])) { if ($_POST['token'] != $_SESSION['token']) { exit(); } try { $stmt = $db->prepare("REPLACE INTO kv (key,value) VALUES (:key,:value)"); $stmt->execute(array( ':key' => $_POST['key'], ':value' => $_POST['value'] )); $data['count'] = $stmt->rowCount(); echo json_encode($data); } catch(PDOException $e) { /*** echo the sql statement and error message ***/ echo $sql . '
' . $e->getMessage(); } exit(); } else if (isset($_GET['key'])) { try { $stmt = $db->prepare("SELECT value FROM kv WHERE key = :key"); $stmt->execute(array( ':key' => $_GET['key'], )); if ($row = $stmt->fetch()) { $data['value'] = $row['value']; } else { $data['error'] = "key not found"; } echo json_encode($data); } catch(PDOException $e) { /*** echo the sql statement and error message ***/ echo $sql . '
' . $e->getMessage(); } exit(); } else { ?>       Demo stackoverflow.com - 4819699    
Set:
 
 
 
 
  
Get:

Interesting Posts

使用命名函数作为jquery ajax成功回调时,是否需要括号?

$ .post不起作用(任何地方)! 为什么?

AJAX rails复选框使用javascript .submit()

使用setInterval使ajax调用多次运行

在settimeout函数中使用ajax请求json输出

为什么Ajax在第一次请求时正常工作,但在第二次请求时返回新页面上的部分视图?

递归AJAX调用是个坏主意吗?

jquery ajax $ .post不工作​​IE10

在jquery ajax响应文件代码中调用javascript函数

Rails 4使用ajax,jquery,:remote => true和respond_to呈现部分