これは、query の代わりに使うほうが一般に「より良い」とされるプリペアドステートメントを使った、動作するサンプルです。値を SQL 文字列に連結せずパラメータとしてバインドするため、SQL インジェクションを防げます。
action.php
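// Registration endpoint: opens a mysqli connection and, for a POST to
// ?do=register, inserts one row into `teams` through a prepared statement.
//
// NOTE(review): the connection uses the MySQL root account with an empty
// password, hard-coded in source. Use a dedicated least-privilege account and
// load the credentials from configuration kept outside the web root.
$con = new mysqli('localhost', 'root', '', 'dachi');
if (mysqli_connect_errno()) {
    // Keep the driver's message (it can name the host and account) in the
    // server log; the client only learns that the connection failed.
    error_log('Connect failed: ' . mysqli_connect_error());
    http_response_code(500);
    echo "Connect failed\n";
    exit();
}

if (isset($_GET['do']) && $_GET['do'] === "register") {
    // The handler writes to the database, so accept it over POST only.
    // NOTE(review): no anti-CSRF token is checked here; add one (issued with
    // the form and verified with hash_equals()) before exposing this endpoint.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit();
    }

    // Server-side copy of the constraints declared on the registration form.
    // HTML `required` / `maxlength` are only enforced by the browser, so a
    // hand-built request can omit fields or exceed the limits.
    // NOTE(review): limits mirror the form; confirm them against the column
    // definitions of `teams`.
    $rules = [
        'teamname'    => ['required' => true,  'max' => null],
        'teamregion'  => ['required' => true,  'max' => 4],
        'teamleader'  => ['required' => true,  'max' => 16],
        'teammembers' => ['required' => false, 'max' => null],
    ];

    $input = [];
    foreach ($rules as $field => $rule) {
        $raw = $_POST[$field] ?? '';
        // is_string() rejects array-style parameters (e.g. teamname[]=x),
        // which would otherwise be bound as the literal text "Array".
        $invalid = !is_string($raw)
            || ($rule['required'] && $raw === '')
            || ($rule['max'] !== null && mb_strlen($raw, 'UTF-8') > $rule['max']);
        if ($invalid) {
            http_response_code(400);
            // $field comes from the fixed rule table above, never from the request.
            echo "Invalid or missing field: {$field}\n";
            exit();
        }
        $input[$field] = $raw;
    }

    $teamname = $input['teamname'];
    $teamregion = $input['teamregion'];
    $teamleader = $input['teamleader'];
    $teammembers = $input['teammembers'];
    $wins = 0;
    $loses = 0;

    // Values travel as bound parameters, never as part of the SQL text.
    // They are stored exactly as submitted, so they remain untrusted and must
    // be escaped for the output context wherever they are displayed later.
    //
    // With mysqli's exception reporting mode (the default since PHP 8.1) a
    // failure throws instead of returning false; the checks below cover the
    // non-throwing mode, where a false return would otherwise cause a fatal
    // error on the next method call or pass silently.
    $stmt = $con->prepare("INSERT INTO `teams` (`teamname`,`region`,`teamleader`,`teammembers`,`wins`,`loses`) VALUES (?,?,?,?,?,?)");
    if ($stmt === false) {
        error_log('Prepare failed: ' . $con->error);
        http_response_code(500);
        exit();
    }

    $stmt->bind_param('ssssii', $teamname, $teamregion, $teamleader, $teammembers, $wins, $loses);
    if (!$stmt->execute()) {
        error_log('Execute failed: ' . $stmt->error);
        $stmt->close();
        http_response_code(500);
        exit();
    }
    $stmt->close();
}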
register.php
<!--
  Team registration form: POSTs teamname, teamregion, teamleader and
  teammembers to action.php?do=register.
  The `required` and `maxlength` attributes are enforced by the browser only;
  the receiving script has to repeat those checks, because a request can be
  sent without this form.
  NOTE(review): the form carries no hidden anti-CSRF token field.
-->
<form class="register_form" action="action.php?do=register" method="post">
Team Name*: <input type="text" name="teamname" required />
Team Region*: <input type="text" name="teamregion" maxlength="4" required />
Team Leader*: <input type="text" name="teamleader" maxlength="16" required />
Team Members: <input type="text" name="teammembers" />
<input name="register_submit" type="submit" value="Register" />
</form>