[英]Reading line from MySQL database in PHP
I tried to read data from my database to find out is I inserted it correctly. 我试图从数据库中读取数据,以找出是否正确插入了它。 However, the following code has some bug. 但是,以下代码有一些错误。
$pwdcrypt = SHA1($pwd);
$userregisterquery='INSERT INTO user (email, password) VALUES ('.$email.', '.$pwdcrypt.')';
echo $userregisterquery;
mysqli_query($link, $userregisterquery);
// echo "Kantaan vietiin sähköposti: ".$email. " ja salasana: ".$pwdcrypt;
$usergetdataquery='select email, password FROM user WHERE email=\''.$email.'\'';
//echo $usergetdataquery;
$result = mysqli_query($link, $usergetdataquery);
$row = mysqli_fetch_row($result);
echo "the result is:".print_r($row);
It outputs 输出
INSERT INTO user (email, password) VALUES (a.a@a.com, fcf007079136b14ee9632ea2e3b1e85a061f5006)select email, password FROM user WHERE email='a.a@a.com'SELECT user.id FROM user WHERE email = 'a.a@a.com'the result is:1
On the other hand, as I check table in terminal, it outputs only the user id I inserted there via terminal who has different e-mail address. 另一方面,当我检查终端中的表时,它仅输出我通过具有不同电子邮件地址的终端在其中插入的用户ID。 Why can't I see that user I inserted via WWW-form? 为什么看不到我通过WWW表单插入的用户?
In the line 在行中
$userregisterquery=
... $userregisterquery=
...
you forgot the quotes. 你忘了报价。 It must read: 它必须显示为:
$userregisterquery='INSERT INTO user (email, password) VALUES ("'.mysql_real_escape_string($email).'", "'.mysql_real_escape_string($pwdcrypt).'")';
In the line 在行中
$usergetdataquery=
... $usergetdataquery=
...
you have quotes, but you don't have mysql_real_escape_string()
, so it will work but it's a security problem if $email
comes from outside. 您有引号,但没有mysql_real_escape_string()
,因此可以使用,但是如果$email
来自外部,则存在安全问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.