没有提示错误和数据未插入子表 - PHP、SQL
[英]No prompted error and data not inserting into child table - PHP, SQL
问题描述
I have a problem regarding "no prompted error and data cannot insert into child table".
我有一个关于“没有提示错误且数据无法插入子表”的问题。
I have 2 tables (users and useradvert);我有 2 个表(用户和 useradvert); - The users is the PARENT - The useradvert is the CHILD - users是父母 - users useradvert是孩子
users(parent table-ID is primary key with auto increment)users(父表 ID 是具有自动增量的主键)- ID ID
- name姓名
- username用户名
- telno电话号码
- password密码
- date (timestamp)日期(时间戳)
- ID
useradvert(child table-ID is index with NO auto increment)useradvert(子表 ID 是没有自动增量的索引)- ID ID
- name2姓名2
- color2颜色2
- hobby2爱好 2
- ID
I have no problems creating a relation table.创建关系表没有问题。 The 2 tables are now related.这两个表现在是相关的。
Then I have a login page (login.php) - runs fine no problem..然后我有一个登录页面(login.php) - 运行正常没问题..
And I have a user page (useracc-test.php)-> this is a page after a user log in successfully via login.php.我有一个用户页面 (useracc-test.php)-> 这是用户通过 login.php 成功登录后的页面。 They will be able to view their personal data and also enter their name again (any different nick name they like), color and hobby.This page display user's personal data and secondly, there is also a form where users can enter data like I said previously(name2,color and hobby).他们将能够查看他们的个人数据并再次输入他们的姓名(他们喜欢的任何不同的昵称)、颜色和爱好。此页面显示用户的个人数据,其次,还有一个用户可以输入数据的表单,就像我说的以前(姓名2,颜色和爱好)。
I have no problem displaying the user's personal data in the user page (useracc.test.php).我在用户页面 (useracc.test.php) 中显示用户的个人数据没有问题。 This data is retrieved from parent table "user".该数据是从父表“user”中检索的。 The problem I'm having is, I cannot insert data into the child table (useradvert).我遇到的问题是,我无法将数据插入子表 (useradvert)。 No error prompted.没有提示错误。
<?php
//useracc-test.php
/**
* Start the session.
*/
session_start();
ini_set('display_errors', 1);
error_reporting(E_ALL);
// require 'lib/password.php';
require 'connect-test.php';
$userName= isset($_POST['username']) ? $_POST['username'] : '';
$query = "SELECT id, name, username, telno FROM users WHERE username = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param('s', $userName);
$stmt->execute();
$res = $stmt->get_result();
?>
<html>
<head>
<style type="text/css">
#apDiv2 {
position: absolute;
left: 51px;
top: 238px;
width: 237px;
height: 93px;
z-index: 1;
}
#apDiv1 {
position: absolute;
left: 134px;
top: 123px;
width: 234px;
height: 104px;
z-index: 2;
}
#apDiv3 {
position: absolute;
left: 58px;
top: 146px;
width: 219px;
height: 61px;
z-index: 2;
}
#apDiv4 {
position: absolute;
left: 302px;
top: 102px;
width: 365px;
height: 123px;
z-index: 3;
}
</style>
<link href="SpryAssets/SpryTabbedPanels.css" rel="stylesheet" type="text/css">
<script src="SpryAssets/SpryTabbedPanels.js" type="text/javascript"></script>
</head>
<body>
Your Personal details:</p>
<p><?php while($row = $res->fetch_array()): ?>
<p><?php echo $row['id']; ?></p>
<p><?php echo $row['name']; ?></p>
<p><?php echo $row['username']; ?></p>
<p><?php echo $row['telno']; ?>
<?php
// $userid = $_POST['id'];
$stmt=$conn->prepare("INSERT INTO useradvert (id,name2,color2,hobby2) VALUES (?,?,?,?)");
$stmt->bind_param("isss", $id, $name2, $color2, $hobby2);
$stmt->execute();
if (!$stmt)
{ printf("Errormessage: %s\n", $mysqli->error);}
else {
echo "New records created successfully";}
$stmt->close();
$conn->close();
?>
<form name="form2" method="post" action="useracc-test.php">
<p>INSERT YOUR INTEREST:</p>
<p>
</p>
ID:
<input name="id" type="hidden" id="id" value="<?php echo $row['id']; ?>">
<p>Name :
<input type="text" name="name2" id="name2">
</p>
<p>
<label for="warna2"></label>
Color :
<input type="text" name="color2" id="color2">
</p>
<p>
<label for="hobi2"></label>
Hobby:
<input type="text" name="hobby2" id="hobby2">
</p>
<p>
<input type="submit" name="submit" id="submit" value="submit">
</p>
<p> </p>
</form>
<?php endwhile; ?>
</body>
</html>
--
-- Table structure for table `useradvert`
--
CREATE TABLE IF NOT EXISTS `useradvert` (
`id` int(10) unsigned NOT NULL,
`name2` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
`color2` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
`hobby2` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
KEY `id` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE IF NOT EXISTS `users` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
`telno` varchar(11) COLLATE utf8_unicode_ci NOT NULL,
`username` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
`password` varchar(60) COLLATE utf8_unicode_ci NOT NULL,
`date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`),
KEY `id` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=96 ;
--
-- Dumping data for table `users`
--
INSERT INTO `users` (`id`, `name`, `telno`, `username`, `password`, `date`) VALUES
(95, 'Test Name', '09999999999', 'test@test.com', '$2y$12$fqdmAQk5c8qk8Eh2TWy2n.AdNO.lFjqmi2ruSzk8tsVXcK71OcPae', '2015-12-24 05:00:13');
--
-- Constraints for dumped tables
--
--
-- Constraints for table `useradvert`
--
ALTER TABLE `useradvert`
ADD CONSTRAINT `useradvert_ibfk_1` FOREIGN KEY (`id`) REFERENCES `users` (`id`);
4 个解决方案
解决方案1
0 2015-12-22 16:10:59
In your connection you're using mysqli , in your query you're using mysql_在您的连接中您使用的是mysqli ,在您的查询中您使用的是mysql_
$query = sprintf("select name, username, telno FROM users WHERE username='%s'", mysqli_real_escape_string($conn, $userName));
(Change to mysqli_real_escape_string ) (更改为mysqli_real_escape_string )
解决方案2
0 2015-12-22 16:19:12
The first problem, as lucap stated, is that you try to insert data in a table with no auto increment ID, without providing that ID.正如 lucap 所说,第一个问题是您尝试在没有自动增量 ID 的表中插入数据,而不提供该 ID。 if you look at the mysqli error you should with print($conn->error);如果您查看 mysqli 错误,您应该使用print($conn->error); you should see an error message about that.您应该会看到一条关于此的错误消息。
But there is some other errors in your script that make it fail.但是您的脚本中还有一些其他错误导致它失败。 Let's take this step by step.让我们一步一步来。
$query = sprintf("select name, username, telno FROM users WHERE username='%s'", mysql_real_escape_string($userName));
$result = $conn->query($query);
You should test the password in this query, as right now it consider as logged an user who just send as post data the username, which is a severe security issue.您应该在此查询中测试密码,因为现在它认为已登录的用户仅将用户名作为发布数据发送,这是一个严重的安全问题。 Beside that, there is two error: you don't get the ID of the user in the query, and mysql_real_escape_string is deprecated.除此之外,还有两个错误:您没有在查询中获得用户的 ID,并且不推荐使用mysql_real_escape_string 。 Considering you're using mysqli, I suggest to proceed in this way to sanitize input data:考虑到您正在使用 mysqli,我建议以这种方式处理输入数据:
$sql = sprintf("SELECT ID, name, username, telno FROM users WHERE username = '%s' AND password = '%s'", mysqli_real_escape_string($conn, $_POST['username']), mysqli_real_escape_string($conn, $_POST['password']));
$result = $conn->query($sql);
$result = $result->fetch_row();
Of course you should hash the password with the appropriate encryption you're using, because of course you don't store the password raw :)当然,您应该使用正在使用的适当加密来散列密码,因为您当然不会存储原始密码:)
So this:所以这:
<?php while($row=$result->fetch_assoc()): ?>
<?= $row['name'] ?>
</p>
<p>
<?= $row['username'] ?>
</p>
<p>
<?= $row['telno'] ?>
<?php endwhile; ?>
Will become:会变成:
<p><?php echo $row['name']; ?></p>
<p><?php echo $row['username']; ?></p>
<p><?php echo $row['telno']; ?>
So let's get on what you stumbled upon:那么让我们来看看你偶然发现的:
$sql = "INSERT INTO useradvert(name2,color2,hobby2)VALUES('$name2', '$color2','$hobby2')";
if ($conn->query($sql) === TRUE) {
if (isset($_POST['submit'])){
$name2=$_POST['name2'];
$color2=$_POST['color2'];
$hobby2=$_POST['hobby2'];
echo "You have succesfylly inserted your data. Insert another data again?";
}
else
{
die ("Error: " . $sql . "<br>" . $conn->error );
}
$conn->close();
}
This can't work for the following reasons:由于以下原因,这不起作用:
- As stated above you don't provide the ID.如上所述,您不提供 ID。
$name2,$color2and$hobby2just containtruebecause of this:$name2,$color2$hobby2和$hobby2只包含true因为这个:$name2=isset($_POST['name2']); $color2=isset($_POST['color2']); $hobby2=isset($_POST['hobby2']);I guess what you wanted to do was in fact:
我猜你想要做的实际上是:$name2 = isset($_POST['name2']) ? $_POST['name2'] : ''; $color2 = isset($_POST['color2']) ? $_POST['color2'] : ''; $hobby2 = isset($_POST['hobby2']) ? $_POST['hobby2'] : '';
And beside those two points, this query isn't secure as it insert raw data in the query.除了这两点之外,这个查询并不安全,因为它在查询中插入了原始数据。 So the final code would be:所以最终的代码是:
$sql = sprintf("INSERT INTO useradvert (ID, name2, color2, hobby2) VALUES (%d, '%s', '%s', '%s')", (int)$result['ID'], mysqli_real_escape_string($conn, $name2), mysqli_real_escape_string($conn, $color2), mysqli_real_escape_string($conn, $hobby2));
if($conn->query($sql) === true) {
// do your stuff
}
I think that's all, but if you still encounter issues after fixing all this, I suggest to check on $conn->error to see any error from mysqli, and do var_dump of your data to see if everything is ok.我想这就是全部,但是如果您在解决所有这些问题后仍然遇到问题,我建议检查$conn->error以查看来自 mysqli 的任何错误,并对您的数据执行var_dump以查看是否一切正常。 Be sure too that you turned on php errors with the following:也请确保您使用以下内容打开了 php 错误:
ini_set('display_errors', 1);
error_reporting(E_ALL);
解决方案3
0 2015-12-24 12:27:25
我自己解决了这个问题......我忘记了 if(isset($_POST['submit']))..LoL.我做了一些小改动只是为了添加上面的isset..现在一切正常..
解决方案4
-1 2015-12-22 15:32:00
you must specify the id in your insert statement.您必须在插入语句中指定 id。 add id in select statement在select语句中添加id
$query = sprintf("select id,name, username, telno FROM users WHERE username='%s'", mysql_real_escape_string($userName));
and then:进而:
$id=$row['id'];
$sql = "INSERT INTO useradvert(id,name2,color2,hobby2)VALUES('$id','$name2', '$color2','$hobby2')";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.