PHP查询插入字符串到数据库

Question

<?php

$username = $_POST['username'];
$password = $_POST['password'];

if($username&&$password)
{

$connect = mysql_connect("CiniCraftData.db.55555555.hostedresource.com", "CiniCraftData", "*********") or die("Couldn't Connect");
mysql_select_db("CiniCraftData") or die ("Couldn't Find Database"); 

            $query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('$username')";
            $result = mysql_query($query) or die("Error occurred.");

}
else die("Please enter a username and password.");

?>

For this part of the code:

$query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('$username')";

The VALUES seem to not be working properly, I need whatever the string value of $username is to be inserted into my CiniUsers database. What do I need to do to make the code above work? I'm very new to php and sql syntax and the guides I'm finding online are all completely different from each other as if they keep updating php.

Answer 1

Try reviewing this part:

$query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('$username')";

The syntax is:

$query = "INSERT INTO table (column) VALUES ('$strvar')";

What is the column name you wanted to insert into?
If it is username.CINIDAT then try removing the qoutes.

Like this:

$query = "INSERT INTO CiniUsers (username.CINIDAT) VALUES ('$username')";

or maybe your column is named username so:

$query = "INSERT INTO CiniUsers (username) VALUES ('$username')";

---

UPDATE
The query from your comment, change it to this:

$query = "INSERT INTO CiniUsers (username.CINIDAT) VALUES ('$username')";

Answer 2

The format for the SQL statement is as so:

INSERT INTO nameOfTable (column1, column2, column3, etc) VALUES ('column1', 'column2', 'column3', 'etc')

You MUST make sure that you are using the field names exactly as they are stored in MySQL. Your SQL could appear like so:

$query = "INSERT INTO CiniUsers (username) VALUES('$username')";

OR

$query = "INSERT INTO CiniUsers (username) VALUES('{$username}')";

Another thing that may help is that your die() statement is not very helpful. Yes, it is a bummer when your php program quits early, but it will save you a lot of time and frustration if you know why it quit. Although you may still be learning PHP and MySQL and may not know what the errors mean, they will start to make sense the more you see them and can tell you whether your query was bad, the connection failed or many more things. Change to something like this:

$connect = mysql_connect("CiniCraftData.db.55555555.hostedresource.com", "CiniCraftData", "*********") or die("Couldn't Connect: mysql_error()");
mysql_select_db("CiniCraftData") or die ("Couldn't Find Database: mysql_error()");
...
$result = mysql_query($query) or die("Some kind of error occurred...Query failed: mysql_error()");

You find that seeing the mysql_error() will help you solve problems like this much faster.

USE phpMyAdmin to test your query out, your query may be working perfectly. It is really the only way to know for sure. Use the suggested SQL and replace the PHP variable with some dummy data like "testUsername_1". If the query works, you will have manually added the username to the db, if not, the problem lies in SQL statement.

Here is some documentation on SQL INSERT INTO statements if you need more details: http://www.w3schools.com/sql/sql_insert.asp

Answer 3

I think you should use mysqli or pdo. This liberary you are using is deprecated.

That said, what is username.CINIDAT? I think this is where your problem is. It should be something like this

$query = "INSERT INTO CiniUsers (username) VALUES('$username')";

I am assuming that CiniUsers is the table name and username is the column name.

Answer 4

The simplest way is to build the query by concatenating the statement with the value.

$query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('".$username."')";

Without validation, this is not a very good idea, or something like this is very easy.