基于用户输入的PHP和MySQL查询无法正常工作
[英]PHP and MySQL query based on user input not working
问题描述
I am creating a users database where there are 4 fields: ID, username, password, and occupation. 
我正在创建一个有4个字段的用户数据库:ID,用户名,密码和职业。 This is a test database. 这是一个测试数据库。 I tried querying the db table and it worked but i have a lot of trouble having a user input and a MySQL query based off of it. 我尝试查询数据库表,但它有效,但是在用户输入和基于该表的MySQL查询方面遇到了很多麻烦。 I run an Apache server in Linux (Debian, Ubuntu). 我在Linux(Debian,Ubuntu)上运行Apache服务器。
I have 2 pages. 我有2页。 The first one is a bare-bone test index page. 第一个是准系统测试索引页。 this is where there are textboxes for people to input easy info to register their info in the db. 这是人们可以在其中输入简单信息以将其信息注册到数据库中的文本框的地方。 Here is the code for it: 这是它的代码:
<html> <form action="reg.php" method="POST"> Username: <input type="text" name="u">Password: <input type="password" name="p">Occupation: <input type="text" name="o"> <input type="submit" value="register"> </form> </html>
After the submit button is clicked. 单击提交按钮后。 It goes to the reg.php file. 它进入reg.php文件。 This is where it gets complicated. 这是复杂的地方。 The page goes blank!!! 页面空白!!! Nothing is displayed or inputted in the db. 数据库中未显示或输入任何内容。 Normal queries work well, but when user interaction is added, something is wrong. 普通查询工作良好,但是添加用户交互时,出现了问题。 Here is the code for reg.php: 这是reg.php的代码:
<?php $un = $_POST["u"] $pk = $_POST["p"] $ok = $_POST["o"] $u = mysql_real_escape_string($un); $p = mysql_real_escape_string($pk); $o = mysql_real_escape_string($ok); $link = mysql_connect('localhost', 'root', 'randompassword'); if (!$link){ die(' Oops. We Have A Problem Here: ' . mysql_error()); } if ($link){ echo 'connected succesfully'; } mysql_select_db("forum") or die(' Oops. We Have A Problem Here: ' . mysql_error()); $data = mysql_query("INSERT INTO users (username, password, occupation) VALUES ('{$u}', '{$p}', '{$o}')"); ?>
Can anyone hep me to correct this code to make this work? 谁能帮助我更正此代码以使其正常工作? Thank you so much for your time. 非常感谢您的参与。 Much appreciated. 非常感激。
EDIT: I noticed that i did not add semicolons in the first 3 lines. 编辑:我注意到我没有在前3行中添加分号。 after doing so i got this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '{'', '', '')' at line 1." 这样做之后,我收到以下错误消息:“您的SQL语法有错误;请查看与MySQL服务器版本相对应的手册,以在第1行的'{','','')'附近使用正确的语法”。 Can someone explain why? 有人可以解释为什么吗?
EDIT: the website is just on my local machine... on an apache server on linux 编辑:该网站就在我的本地计算机上...在Linux上的Apache服务器上
3 个解决方案
解决方案1
4 2015-03-16 21:12:17
You are missing semi-colons in the first three lines. 您在前三行中缺少分号。
$un = $_POST["u"];
$pk = $_POST["p"];
$ok = $_POST["o"];
解决方案2
1 已采纳 2015-03-16 21:31:56
mysql_real_escape_string() requires a db connection. mysql_real_escape_string()需要数据库连接。 Try this .... 尝试这个 ....
<?php
$un = $_POST["u"];
$pk = $_POST["p"];
$ok = $_POST["o"];
$link = mysql_connect('localhost', 'root', 'randompassword');
if (!$link){
die(' Oops. We Have A Problem Here: ' . mysql_error());
}
if ($link){
echo 'connected succesfully';
}
mysql_select_db("forum") or die(' Oops. We Have A Problem Here: ' . mysql_error());
$u = mysql_real_escape_string($un);
$p = mysql_real_escape_string($pk);
$o = mysql_real_escape_string($ok);
$sql = "INSERT INTO users (username, password, occupation) VALUES ('$u', '$p', '$o')";
$ins_sql = mysql_query($sql);
IF($ins_sql) {
echo 'Inserted new record.';
}ELSE{
echo 'Insert Failed.';
}
?>
解决方案3
0 2015-03-16 21:12:07
Try adding this to the top of your script: 尝试将其添加到脚本顶部:
error_reporting(E_ALL);
ini_set("display_errors", 1);
This way you will see all errors that you made syntactically or even within your SQL. 这样,您将看到语法上甚至在SQL中所犯的所有错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.