[英]PHP won't insert into MySQL, no error
$sql = "INSERT INTO $table_name VALUES
('$_POST[firstname]', '$_POST[lastname]', '$_POST[username]', password('$_POST[password]'), 'Users', '', '', '$pchange',
'$_POST[email]', '$default_url', '$verify', '', 0, '', 0)";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$sql, $connection and $table_name are all valid and are used previously in the script and the database, this is how my database looks like: $ sql,$ connection和$ table_name都有效,并且以前在脚本和数据库中使用过,这就是我的数据库的样子:
firstname varchar(20) latin1_swedish_ci Yes NULL Change Drop More
lastname varchar(20) latin1_swedish_ci Yes NULL Change Drop More
username varchar(20) latin1_swedish_ci Yes NULL Change Drop More
password varchar(50) latin1_swedish_ci Yes NULL Change Drop More
group1 varchar(20) latin1_swedish_ci Yes NULL Change Drop More
group2 varchar(20) latin1_swedish_ci Yes NULL Change Drop More
group3 varchar(20) latin1_swedish_ci Yes NULL Change Drop More
pchange varchar(1) latin1_swedish_ci Yes NULL Change Drop More
email varchar(100)latin1_swedish_ci Yes NULL Change Drop More
redirect varchar(100)latin1_swedish_ci Yes NULL Change Drop More
verified varchar(1) latin1_swedish_ci Yes NULL Change Drop More
last_login date Yes NULL Change Drop More
balance double UNSIGNED Yes 0 Change Drop More
address varchar(60) latin1_swedish_ci Yes NULL Change Drop More
lostbalance double Yes 0 Change Drop More
Thanks in advance. 提前致谢。
No error because of @: 由于@没有错误:
@mysql_query($sql,$connection) or die(mysql_error());
The @ suppresses the errors from the mysql_query() function. @禁止来自mysql_query()函数的错误。
I see multiple errors in your statements: 我在您的陈述中看到多个错误:
'$_POST[firstname]'
- is suppossed to be $_POST['firstname']
. '$_POST[firstname]'
-假定为$_POST['firstname']
。 Store the value in a variable or use concatenation: "'.$_POST['firstname'].'"
将值存储在变量中或使用串联: "'.$_POST['firstname'].'"
Use mysql_query($sql) or die(mysql_error());
使用mysql_query($sql) or die(mysql_error());
Escape all the data you are storing in the db. 转义您存储在数据库中的所有数据。
First of all, it is not good security practice to leave any user input unfiltered, because soon you will be victim of SQL injection and/or XSS attacks. 首先,保留任何用户输入未经过滤不是良好的安全做法,因为很快您将成为SQL注入和/或XSS攻击的受害者。 You should filter your user input this way: 您应该通过以下方式过滤用户输入:
$var = filter_var($_POST['var']), FILTER_SANITIZE_STRING);
Then you should use this $var
in your SQL query, instead of directly using the $_POST['var'].
然后,您应该在SQL查询中使用该$var
,而不是直接使用$_POST['var'].
ie: 即:
$sql = "INSERT INTO $table_name VALUES
('$firstname', '$lastname', '$username', password('$password'), 'Users', '', '', '$pchange',
'$email', '$default_url', '$verify', '', 0, '', 0)";
您必须在“ VALUES”前面命名表列
INSERT INTO $table_name (field_1, field2, ...) VALUES ($_POST_1, ...)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.