为什么我的php无法连接到sql数据库代码?
[英]Why doesn't my php connect to sql database code work?
问题描述
/* I have set up a database in my php admin and use dreamweaver. 
/ *我已经在php管理员中设置了一个数据库,并使用了Dreamweaver。 Not sure why it doesn't work. 不知道为什么它不起作用。 The $ vars are taken from the ftp site i use. $ vars来自我使用的ftp站点。 Here is the code: */ 这是代码:* /
<?php
$db_host = "host";
$db_username = "user_name";
$db_pass = "password";
$db_name = "db_name";
@mysql_connect($db_host, $db_username $db_pass) or die ("Could not connect
to MySQL");
@mysql_select_db($db_name) or die ("No database");
$sql = "INSERT INTO 'signups' (FirstName, LastName, email,CompanyName,
JobTitle, ProductSector,ProductWebsite,ProductName,id)
VALUES ('$FirstName', '$LastName', '$email','$CompanyName', '$JobTitle',
'$ProductSector','$ProductWebsite','$ProductName','$id')";
?>
2 个解决方案
解决方案1
1 2015-09-26 21:39:39
I realize this is a 'quick and easy' way to connect to MySQL - but it is extremely prone to Sql injection . 我意识到这是连接MySQL的“快速简便”方法-但极易发生Sql注入 。 A parameterized query is a more secure approach. 参数化查询是一种更安全的方法。 Additionally, the 'mysql' driver should not be used the driver is deprecated and will not exist in php7 . 另外,不应使用“ mysql”驱动程序,因为该驱动程序已被弃用,并且在php7中将不存在 。 Instead, MySQLi or PDO driver (preferred) for sql is to be used. 相反,将使用用于MySQL的MySQLi或PDO驱动程序 (首选)。 The MySQL_connect is no longer documented on the PHP website. MySQL_connect不再记录在PHP网站上。
Even if this is a test environment, I would strongly encourage switching to a secure driver early. 即使这是一个测试环境,我也强烈建议您尽早切换到安全驱动程序。
As Elias Nicolas pointed out... Placing the @ symbol in front of mysql_connect causes any error you are having to be 'skipped'. 正如Elias Nicolas指出的那样...将@符号放在mysql_connect前面会导致任何错误,您必须“跳过”。 The error won't log, and it will make it look like there isn't a problem when there is. 该错误不会记录下来,它将使它看起来好像没有问题时一样。
Edit: This will get you close to Mysqli - should already exist in the extensions for php. 编辑:这将使您接近Mysqli-应该已经存在于php的扩展名中。 You might need to enable it in the php.ini. 您可能需要在php.ini中启用它。 Also, you might need single ' marks around the ?'sie: ('?'). 另外,您可能需要在?sie:('?')周围加一个'。
// don't forget to sub the vars!
$db_host = "host";
$db_username = "user_name";
$db_pass = "password";
$db_name = "db_name";
$link = new mysqli($db_host, $db_username, $db_pass, $db_name) or die ('Could not connect to the database server' . mysqli_connect_error());
$sql = <<<QUERY
INSERT INTO signups
(FirstName, LastName, email, CompanyName, JobTitle, ProductSector, ProductWebsite, ProductName, id)
VALUES
(?,?,?,?,?,?,?,?,?);
QUERY;
if ($stmt = $mysqli->prepare($sql))
{
$stmt->bind_param("sssssssss", $FirstName, $LastName, $email, $CompanyName, $JobTitle, $ProductSector, $ProductWebsite, $ProductName, $id);
$stmt->execute();
}
$link->close();
解决方案2
0
For your table name, and the names of the columns but not the values, you use ` instead of '. 对于表名以及列名而不是值,请使用`代替'。 Your sql should look like this. 您的sql应该看起来像这样。
INSERT INTO `signups` (`FirstName`, `LastName` `email`, `CompanyName`,
`JobTitle`, `ProductSector'`,`ProductWebsite`,`ProductName`,`id`)
VALUES ('$FirstName', '$LastName', '$email','$CompanyName', '$JobTitle',
'$ProductSector','$ProductWebsite','$ProductName','$id')
Hope that helps. 希望能有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.