在PHP中从MySQL数据库读取行

Question

I tried to read data from my database to find out is I inserted it correctly. However, the following code has some bug.

$pwdcrypt = SHA1($pwd);
$userregisterquery='INSERT INTO user (email, password) VALUES ('.$email.', '.$pwdcrypt.')';
echo $userregisterquery;
mysqli_query($link, $userregisterquery);

//    echo "Kantaan vietiin sähköposti: ".$email. " ja salasana: ".$pwdcrypt;

$usergetdataquery='select email, password FROM user WHERE email=\''.$email.'\'';
//echo $usergetdataquery; 
$result =  mysqli_query($link, $usergetdataquery);
$row = mysqli_fetch_row($result);
echo "the result is:".print_r($row);

It outputs

INSERT INTO user (email, password) VALUES (a.a@a.com, fcf007079136b14ee9632ea2e3b1e85a061f5006)select email, password FROM user WHERE email='a.a@a.com'SELECT user.id FROM user WHERE email = 'a.a@a.com'the result is:1

On the other hand, as I check table in terminal, it outputs only the user id I inserted there via terminal who has different e-mail address. Why can't I see that user I inserted via WWW-form?

Answer 1

In the line

$userregisterquery= ...

you forgot the quotes. It must read:

$userregisterquery='INSERT INTO user (email, password) VALUES ("'.mysql_real_escape_string($email).'", "'.mysql_real_escape_string($pwdcrypt).'")';

In the line

$usergetdataquery= ...

you have quotes, but you don't have mysql_real_escape_string() , so it will work but it's a security problem if $email comes from outside.