sql >> Base de Datos >  >> RDS >> Mysql

No actualizar la base de datos SQL

Aquí hay una muestra de trabajo con declaraciones preparadas, que son "mejores" para usar en general en lugar de query

acción.php

$con = new mysqli('localhost', 'root', '', 'dachi');

if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

if (isset($_GET['do']) && $_GET['do'] === "register") {
    $teamname = $_POST["teamname"];
    $teamregion = $_POST["teamregion"];
    $teamleader = $_POST["teamleader"];
    $teammembers = $_POST["teammembers"];
    $wins = 0;
    $loses = 0;

    $stmt = $con->prepare("INSERT INTO `teams` (`teamname`,`region`,`teamleader`,`teammembers`,`wins`,`loses`) VALUES (?,?,?,?,?,?)");
    $stmt->bind_param('ssssii', $teamname, $teamregion, $teamleader, $teammembers, $wins, $loses);
    $stmt->execute();
    $stmt->close();
}

registrar.php

<form class="register_form" action="action.php?do=register" method="post">
    Team Name*: <input type="text" name="teamname" required />
    Team Region*: <input type="text" name="teamregion" maxlength="4" required />
    Team Leader*: <input type="text" name="teamleader" maxlength="16" required />
    Team Members: <input type="text" name="teammembers"  />
    <input name="register_submit" type="submit" value="Register" />
</form>