我可以显示查询错误号,还是如何找出MySQL查询出了什么问题?
[英]Can I display a query error number, or how can I find out what's wrong with my MySQL query?
问题描述
I was writing register.php which creates the user and add him to MySQL table "workers". 
我正在编写register.php来创建用户并将其添加到MySQL表“ workers”。 It has a basic validation and uses session to check if the user is already logged in. However, I have encountered a problem with my INSERT query, It doesn't work. 它具有基本的验证功能,并使用会话来检查用户是否已经登录。但是,我的INSERT查询遇到问题,它不起作用。 I have made an error message which display text: "Something went wrong, try again later... " and should display mysqli error. 我制作了一条错误消息,显示文本:“出了点问题,请稍后再试...”,应该显示mysqli错误。 However it just displays the message and doesn't work. 但是,它仅显示消息,并且不起作用。 How can I display mysql query error number and what's wrong with my query? 如何显示mysql查询错误号以及查询出了什么问题? register.php: register.php:
<?php
session_start();
include_once ('db.php');
$error = false;
$nameError = '';
$passwordError = '';
$usernameError = '';
$surnameError = '';
$emailError = '';
$MSG = '';
if (!isset($_SESSION['login_user'])) {
if (isset($_POST['Register'])) {
$name = $_POST['name'];
$surname = $_POST['surname'];
$email = $_POST['email'];
$password = $_POST['password'];
$username = $_POST['username'];
// Username validation
if (empty($username)) {
$error = true;
$usernameError = 'Please enter your username';
} else {
if (!preg_match('/^[a-zA-Z0-9]{5,}$/', $username)) {
$error = true;
$usernameError = 'Invalid Username';
}
}
//Name validation
if (empty($name)) {
$error = true;
$nameError = "Please enter your full name.";
} else if (strlen($name) < 3) {
$error = true;
$nameError = "Name must have at least 3 characters.";
} else if (!preg_match("/^[a-zA-Z ]+$/", $name)) {
$error = true;
$nameError = "Name must contain alphabets and space.";
}
//surname validation
if (empty($surname)) {
$error = true;
$surnameError = "Please enter your surname";
} else if (strlen($surname) < 3) {
$error = true;
$surnameError = "Surname must have at least 3 characters";
} else if (!preg_match("/^[a-zA-Z ]+$/", $surname)) {
$error = true;
$surnameError = "Surname must contain alphabets";
}
//basic email validation
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = true;
$emailError = "Please enter valid email";
} else {
// check email exist or not
$query = "SELECT email FROM workers WHERE email='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
if ($count != 0) {
$error = true;
$emailError = "Provided Email is already in use.";
}
}
// password validation
if (empty($password)) {
$error = true;
$passwordError = "Please enter password.";
} else if (strlen($password) < 6) {
$error = true;
$passwordError = "Password has to be at least 6 charachters long";
}
$name = mysqli_real_escape_string($conn, $name);
$surname = mysqli_real_escape_string($conn, $name);
$email = mysqli_real_escape_string($conn, $name);
$password = mysqli_real_escape_string($conn, md5($password));
$user = mysqli_real_escape_string($conn, $username);
if (!$error) {
$query = "INSERT INTO 'workers' (id,user_name,password,email,surname,name) VALUES(NULL ,$user,$password,$email,$surname,$name)";
$result = mysqli_query($conn, $query);
if ($result) {
$MSG = "Successfully registered, you may login now";
unset($name, $password, $username, $surname, $name);
} else {
$MSG = "Something went wrong, try again later...";
echo mysqli_error($conn);
}
}
}
}else{
echo "<script type='text/javascript'> document.location = 'welcome.php'; </script>";
exit();
}
?>
2 个解决方案
解决方案1
0 2017-08-01 05:56:47
You have one Mistake in your query you can not use ' when you want to Definition table in your query. 您的查询中有一个错误,当您要在查询中定义表时不能使用' 。
it is true 是真的
INSERT INTO `workers` (id,user_name,password,email,surname,name) VALUES(NULL ,$user,$password,$email,$surname,$name)";
解决方案2
0 已采纳 2017-08-01 06:13:23
As Barmar already advised, you should change this query to use prepared statements . 正如Barmar所建议的那样,您应该将此查询更改为使用准备好的语句 。
I would go one step further and advise you to use PDO and scrap using mysqli altogether. 我会更进一步,建议您使用PDO并完全使用mysqli进行废弃。
With that said, as pedram pointed out you have an issue with your table name specification, but I find that is sometimes an issue with people pasting in code. 话虽如此,正如pedram指出的那样,您的表名规范存在问题,但是我发现有时粘贴人员会遇到问题。
All tablename specifiers in mysql need to use backtics. mysql中的所有表名说明符都需要使用backtics。 So: 所以:
INSERT INTO 'workers'
Isn't going to work. 是行不通的。
INSERT INTO `workers`
might. 威力。
In my opinion there is no strong reason to use backtics unless your tablename is a reserved word. 在我看来,除非您的表名是保留字,否则没有充分的理由使用后缀。 I never use them unless I absolutely have to. 除非绝对必要,否则我不会使用它们。
But that is only part of the problem with your query, because you need quotes around any CHAR/VARCHAR/STRING data. 但这只是查询问题的一部分,因为您需要在任何CHAR / VARCHAR / STRING数据周围加引号。
So you need: 因此,您需要:
$query = "INSERT INTO `workers` (id,user_name,password,email,surname,name) VALUES (NULL, '$user','$password','$email','$surname','$name')";
Last but not least you have this code: 最后但并非最不重要的是,您具有以下代码:
if ($result) {
$MSG = "Successfully registered, you may login now";
unset($name, $password, $username, $surname, $name);
} else {
$MSG = "Something went wrong, try again later...";
echo mysqli_error($conn);
}
It's not clear what you are actually seeing, but this code should be echoing the mysqli_error(). 目前尚不清楚您实际看到的内容,但是此代码应回显mysqli_error()。 You set a $MSG variable but you never echo it out. 您设置了$ MSG变量,但从未回显它。 In production code you shouldn't be echoing out the mysqli_error() to end users as that will be leaking your database internals. 在生产代码中,您不应向最终用户回显mysqli_error(),因为这将泄漏数据库内部。 Just for debugging it's ok, but easy to forget. 仅用于调试是可以的,但很容易忘记。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.