SQL INSERT INTO 给出错误而不解释; 通过语法测试
[英]SQL INSERT INTO giving error without explanation; passed syntax test
问题描述
I created a modal form to capture complete contact information and upload to database.
我创建了一个模态表单来捕获完整的联系信息并上传到数据库。 Worked perfectly.完美地工作。 Used exact same code to create a second modal window to use for login.使用完全相同的代码创建第二个用于登录的模态窗口。 Eliminated excess code.消除了多余的代码。 Continue to get exact same error message:继续获得完全相同的错误消息:
Error: INSERT INTO team_members (id, username, password) VALUES (NULL, 'hfuller', 'davidson')
I have created a testing file and it connects.我创建了一个测试文件并连接。 I simply cannot update to the database.我根本无法更新到数据库。 I even tried copying and pasting an instructor's example file.我什至尝试复制和粘贴教师的示例文件。 That file also failed to update database.该文件也未能更新数据库。
Here is my code (I changed database reference; everything else matched my database):这是我的代码(我更改了数据库引用;其他所有内容都与我的数据库匹配):
<?php
include('connection.php');
if( isset( $_POST["add"] ) ) {
// build a function that validates data
function validateFormData( $formData ) {
$formData = trim( stripslashes( htmlspecialchars( $formData ) ) );
return $formData;
}
// set all variables to empty by default
$username = $password = "";
// check to see if inputs are empty
// create variables with form data
// wrap the data with our function
if( !$_POST["username"] ) {
$nameError = "Please enter a username <br>";
} else {
$username = validateFormData( $_POST["username"] );
}
if( !$_POST["password"] ) {
$passwordError = "Please enter a password <br>";
} else {
$password = validateFormData( $_POST["password"] );
}
// check to see if each variable has data
if( $username && $password ) {
$query = "INSERT INTO team_members (id, username, password)
VALUES (NULL, '$username', '$password')";
if( mysqli_query( $conn, $query ) ) {
echo "<div class='alert alert-success alert-dismissible'><button type='button' class='close' data-dismiss='alert'><span>×</span></button><strong>Credentials are authenticated!</strong> You can now proceed to do the great work that you do!</div>";
} else {
echo "Error: ". $query . "<br>" . mysqli_error($conn);
}
}
}
mysqli_close($conn);
?>
<!-- Modal for Request Information Packet -->
<form class="modal fade form-horizontal" id="team_login" action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>" method="post">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span>×</span></button>
<h3 class="modal-title"><span class="glyphicon glyphicon-lock"></span> Login to the ICTUS Team Portal</h3>
<p>You must enter the correct username and password in order to open the ICTUS Team Member Portal.</p>
</div>
<div class="modal-body">
<div class="center-block text-center">
<img class="img-thumbnail img-circle" src="https://lh5.googleusercontent.com/-b0-k99FZlyE/AAAAAAAAAAI/AAAAAAAAAAA/eu7opA4byxI/photo.jpg?sz=120" alt="Warning Sign"><br><br>
<p><strong>Just a reminder that the information included in the team portal is subject to our Confidentiality Agreement and cannot be shared without prior written permission. Thank you for your cooperation.</strong></p><br><br>
<div class="form-group">
<label class="col-sm-3 control-label"><small class="text-danger">* <?php echo $nameError; ?>* <?php echo $passwordError; ?></small>Login Credentials: </label>
<div class="col-sm-4">
<input type="text" placeholder="Enter Username" name="username" class="form-control">
</div>
<div class="col-sm-4">
<input type="password" placeholder="Enter Password" name="password" class="form-control">
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-lg btn-default" id="information" data-dismiss="modal">Cancel</button>
<button type="submit" name="add" class="btn btn-lg btn-default" id="information">Log In</button>
</div>
</div>
</div>
</form>
I know that this is not secure, etc. It is the first step in creating a secure login page that I am working on.我知道这不安全,等等。这是我正在创建的安全登录页面的第一步。 I am just really stuck on the first page and cannot find the problem.我只是真的卡在第一页上,找不到问题。 Like I said, the more complex complete contact information collection form in a modal window works perfect.就像我说的那样,在模态窗口中更复杂的完整联系信息收集表单很完美。
1 个解决方案
解决方案1
1 2016-02-04 20:36:03
Looking at this query:看看这个查询:
INSERT INTO team_members (id, username, password)
VALUES (NULL, '$username', '$password')
If id is meant to identify the record then NULL isn't going to do a very good job of that.如果id是为了识别记录,那么NULL不会很好地完成这项工作。 How would one identify any given record if all identifiers are NULL ?如果所有标识符都是NULL如何识别任何给定的记录? Also, if it's a primary key then it's likely to be NOT NULL and would need a unique value for any given row.此外,如果它是一个主键,那么它很可能NOT NULL并且任何给定的行都需要一个唯一的值。
My guess is that id is an auto-incrementing column, or in some other way automatically generating its value in the database itself.我的猜测是id是一个自动递增的列,或者以其他方式在数据库本身中自动生成它的值。 If that's the case, omit it from the query entirely:如果是这种情况,请从查询中完全省略它:
INSERT INTO team_members (username, password)
VALUES ('$username', '$password')
Basically, don't try to supply a value if the database is meant to create one itself.基本上,如果数据库打算自己创建一个值,请不要尝试提供一个值。 The database will prioritize the one you supply over any attempt to create one.数据库将优先考虑您提供的那个,而不是任何创建一个的尝试。
As a side note, you may want to look into using prepared statements and query parameters.作为旁注,您可能需要研究使用准备好的语句和查询参数。 Sanitizing input is a good thing, but it's still just covering up the underlying problem.净化输入是一件好事,但它仍然只是掩盖了潜在的问题。 Which is that you're creating user input as code instead of as a value .也就是说,您将用户输入创建为 code而不是value 。 Using query parameters treats the input as a value and doesn't try to execute it.使用查询参数将输入视为一个值并且不会尝试执行它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.