很多人都问过同样的问题,我读过这些东西,而我的不同,
我试图从表单中在数据库中插入一些值,但没有插入
我在数据库中有一个表,有6列,只想在4列中插入一些值
表名称:wp_contactus
6列
id名字姓氏电子邮件
查询注册日期这是仅在4列中插入的代码4列
第一名第二名电子邮件查询代码:
<div class="wrap">
<form action="" method="post">
FirstName <input type="text" name="firstNametxt" value="" /><br/>
LastName <input type="text" name="lastNametxt" value="" /><br/>
email <input type="text" name="email" value="" /><br/>
Query <input type="text" name="query" value="" /><br/>
<input name="Submit" type="submit" value="Submit">
</form>
<form method="post">
<?php
global $wpdb;
$firstName = $_POST["firstNametxt"];
$lastName = $_POST["lastNametxt"];
$email = $_POST["email"];
$query = $_POST["query"];
echo $firstName;
$contactus_table = $wpdb->prefix."contactus";
$sql = "INSERT INTO $contactus_table (id, firstname, lastname, email,
query, reg_date) VALUES (\'2\', $firstName, $lastName, $email, $query,
CURRENT_TIMESTAMP);";
$wpdb->query($sql))
?>
</form>
</div>
<?php
}
add_shortcode( \'CONUS\', \'contactus_shortcode\' );
?>
<?php
}
add_shortcode( \'CONUS\', \'contactus_shortcode\' );
?>
SO网友:TheDeadMedic
You\'re inserting raw POST data straight into an SQL query - 消毒,消毒,消毒!下面的代码应该可以帮助您开始,但我建议您添加一些额外的检查(电子邮件是否有效?字符串是否过长?等等):
<?php
$errors =
$values = array();
if ( isset( $_POST[\'Submit\'] ) ) {
$fields = array(
\'firstNametxt\',
\'lastNametxt\',
\'email\',
\'query\',
);
foreach ( $fields as $field ) {
if ( isset( $_POST[ $field ] ) ) { // Never assume a POST field will be set
// Ensure the value is a string, POST data can be an array if the user is meddling
$value = ( string ) $_POST[ $field ];
// Strip slashes that WordPress adds
$value = wp_unslash( $value );
// Remove trailing/preceding whitespace
$value = trim( $value );
// Core WordPress function to check for invalid UTF-8, strip tags, remove line breaks etc.
$value = sanitize_text_field( $value );
} else {
$value = \'\';
}
if ( ! $value )
$errors[ $field ] = \'This field is required.\';
else
$values[ $field ] = $value;
}
if ( ! $errors ) {
$wpdb->insert(
$wpdb->prefix . \'contactus\',
$values,
\'%s\'
);
}
}
?>
<?php if ( $errors ) : ?>
<p>Please ensure all fields are completed.</p>
<?php endif ?>
<form method="post">
FirstName <input type="text" name="firstNametxt" value="" /><br/>
LastName <input type="text" name="lastNametxt" value="" /><br/>
email <input type="text" name="email" value="" /><br/>
Query <input type="text" name="query" value="" /><br/>
<input name="Submit" type="submit" value="Submit">
</form>
以及
read up on the codex for safely inserting into tables using wpdb::insert()
SO网友:Mat
您似乎正在尝试在提交表单之前插入数据。上面的代码有两个表单,一个用于输入,另一个用于PHP。
您需要检查表单是否已提交,然后执行PHP代码,如果未提交,则显示表单。
$submitted_form = $_POST[\'submit\'];
if(isset($submitted_form)) {
//process and validate, then insert
} else {
// nothing submitted, so lets display the form
<form action="" method="post">
FirstName <input type="text" name="firstNametxt" value="" /><br/>
LastName <input type="text" name="lastNametxt" value="" /><br/>
email <input type="text" name="email" value="" /><br/>
Query <input type="text" name="query" value="" /><br/>
<input name="Submit" type="submit" value="Submit">
</form>
}
这将为您指明正确的方向。
