Problem description:

This question already has an answer here:

  • When to use single quotes, double quotes, and backticks in MySQL

    10 answers

User answer:

You did not encapsulate the values in the SQL with quotes, and they are strings.

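<?php
    if( isset( $_POST['Submit'] ) ){

        $link = mysqli_connect('localhost','root','','shree rathnam cafetaria') or die("Unable to connect");

        // Escape each value before it is placed inside a quoted SQL string literal
        $custname  = mysqli_real_escape_string( $link, $_POST['name'] );
        $custemail = mysqli_real_escape_string( $link, $_POST['emailid'] );
        $custphone = mysqli_real_escape_string( $link, $_POST['no'] );
        $ftype     = mysqli_real_escape_string( $link, $_POST['nature'] );
        $feedback  = mysqli_real_escape_string( $link, $_POST['feedback'] );
        $rating    = mysqli_real_escape_string( $link, $_POST['optionsRadios'] );

        // Double-quoted PHP string so the variables are interpolated;
        // the string values are wrapped in single quotes inside the SQL
        $query = "INSERT INTO `cust_feedback` (`Name`,`email`,`Phone`,`nature_of_feedback`,`feedback`,`rating`) VALUES('$custname','$custemail','$custphone','$ftype','$feedback','$rating')";
        $result = mysqli_query( $link,$query) or die( mysqli_error( $link ) );

        echo "Thanku for your feedback!";
    }
?>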
User answer:

In your code, if(isset($_POST['Submit'])) tries to check whether feedback.php was called by an HTTP POST request from your form. Unfortunately, your submit button, <button type="submit" class="btn btn-danger" name="submit">Submit</button>, has the name "submit" in lowercase, not "Submit" in title case.

Just correct your feedback.php to:

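<?php
// The key must match the button's name attribute exactly: "submit" in lowercase
if(isset($_POST['submit']))
{
    $link = mysqli_connect('localhost','root','','shree rathnam cafetaria') or die("Unable to connect");

    // Escape each value before it is placed inside a quoted SQL string literal
    $custname  = mysqli_real_escape_string($link, $_POST['name']);
    $custemail = mysqli_real_escape_string($link, $_POST['emailid']);
    $custphone = mysqli_real_escape_string($link, $_POST['no']);
    $ftype     = mysqli_real_escape_string($link, $_POST['nature']);
    $feedback  = mysqli_real_escape_string($link, $_POST['feedback']);
    $rating    = mysqli_real_escape_string($link, $_POST['optionsRadios']);

    // Double-quoted PHP string so the variables are interpolated;
    // the string values are wrapped in single quotes inside the SQL
    $query = "INSERT INTO cust_feedback(Name,email,Phone,nature_of_feedback,feedback,rating) VALUES('$custname','$custemail','$custphone','$ftype','$feedback','$rating')";
    $result = mysqli_query($link,$query) or die(mysqli_error($link));
    echo "Thanku for your feedback!";
}
?>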
User answer:

Your code is vulnerable to SQL injection. I recommend BananaDB for connecting PHP with MySQL: https://github.com/LaNsHoR/BananaDB
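
A parameterized version of feedback.php, as an added example that is not part of any answer above and is not BananaDB code: it uses mysqli prepared statements, so the form values never become part of the SQL text. Table, column and form-field names and the connection parameters are the ones shown on this page; the helper names read_feedback() and save_feedback() are hypothetical.

```php
<?php
// Added example (not from the answers). Names of the table, columns and form
// fields come from this page; read_feedback()/save_feedback() are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function read_feedback(array $post): ?array
{
    $clean = [];
    foreach (['name', 'emailid', 'no', 'nature', 'feedback', 'optionsRadios'] as $f) {
        // Reject missing fields and array input such as name[]=x
        if (!isset($post[$f]) || !is_string($post[$f])) {
            return null;
        }
        $clean[$f] = trim($post[$f]);
    }
    return $clean;
}

function save_feedback(mysqli $link, array $f): void
{
    // The SQL text is constant; values are sent separately from it, so a
    // quote inside a value cannot change the statement.
    $stmt = $link->prepare(
        'INSERT INTO `cust_feedback`
           (`Name`,`email`,`Phone`,`nature_of_feedback`,`feedback`,`rating`)
         VALUES (?,?,?,?,?,?)'
    );
    $stmt->bind_param('ssssss', $f['name'], $f['emailid'], $f['no'],
        $f['nature'], $f['feedback'], $f['optionsRadios']);
    $stmt->execute();
}

if (isset($_POST['submit'])) {          // matches name="submit" on the button
    $clean = read_feedback($_POST);
    if ($clean === null) {
        http_response_code(400);
        exit('Invalid input.');
    }
    try {
        $link = new mysqli('localhost', 'root', '', 'shree rathnam cafetaria');
        $link->set_charset('utf8mb4');
        save_feedback($link, $clean);
        echo 'Thank you for your feedback!';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());    // log the detail, do not echo it
        http_response_code(500);
        echo 'Could not save feedback.';
    }
}
```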
