
Cannot insert into table. PHP/MySQL

I have a table named 'Directors' in the database 'db2'. I have an HTML form. When I insert the values and hit the submit button, I would like to insert the content into the table as a new row (INSERT INTO), after it makes some validations (you'll notice them in the script). I've tried to do it by myself, but it always echoes 'Fail'. This is my HTML form:

    <form action="process.php" method="post" accept-charset="utf-8">
    <input type="hidden" name="pages_edit_nonce" />

            <div class="section-item page-title-section">
                <label for="title">Full Name:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="name" value=""  /></div>        </div>



    <div class="section-item">
        <label for="label">Phone:</label><span class="help">*Optionally</span><div class="input-wrap"><input type="text" name="phone" value=""  /></div>        </div>

    <div class="section-item">
        <label for="redirect">Е-mail:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="email" value="" placeholder=""  /></div>        </div>

    <div class="section-item">
        <label for="redirect">School:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="school" value="" placeholder=""  /></div>        </div>

    <div class="section-item">
        <label for="redirect">City:</label><span class="help">*</span><div class="input-wrap"><input type="text" name="city" value="" placeholder=""  /></div>        </div>

    <div class="section-item">
        <label for="redirect">Password:</label><span class="help">*</span><div class="input-wrap"><input type="password" name="password" value="" placeholder=""  /></div>        </div>

    <div class="admin-bar">
        <div class="admin-bar-inner">


            <input type="submit" value="Submit" class="btn" />
        </div>
    </div>

    </form>

This is my process.php file:

    $server = "localhost";
    $user = "****";
    $pass = "****";

    $conn = mysql_connect($server, $user, $pass);
    $db = mysql_select_db("****", $conn);
    session_start();
    if(!$db) {
        $_SESSION['ERRMSG'] = "<strong>Error:</strong> The access to the database is denied!";
        header("Location: ../../admin/error/");
        exit();
    }

    session_start();

    function UniqueID() {
        $UID = rand(); //Create unique ID
        $check = mysql_query("SELECT * FROM `Directors` WHERE `UID` = '$UID'");
        if(mysql_num_rows($check) > 0) { //Check if it exists
            return UniqueID(); //Redo the function and return its result
        } else {
            return $UID; //return the uniqueid
        }
    }

    $UID = UniqueID(); //Unique ID
    $email = $_POST['email']; 
    $password = $_POST['password']; 
    $name = $_POST['name']; 
    $phone = $_POST['phone']; 
    $school = $_POST['school'];
    $city = $_POST['city']; 

    //Create INSERT query
    $qry = "INSERT INTO `oclass`.`Directors`(`UID`,`Name`, `Phone`, `Email`, `SchoolGymnasium`, `City`, `Password`) VALUES('$UID','$name','$phone','$email','$school','$city','" . md5($password) . "')";
    $result = mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        $_SESSION['SUCCMSGADDDIR'] = 'Sucessful.';
        header("location: URL");
        exit();
    } else {
        $_SESSION['ERRMSGADDDIR'] = 'Fail';
        header("location: URL");
    }

After changing the error session with mysql_error() it gave me the following error: Fatal error: Can't use function return value in write context in ... on line 10; Line 10 is:

mysql_error() = "<strong>Error:</strong> The access to the database is denied!";

I've removed the column named ID (which was the Primary Key) and set the UID column as Primary Key, and now it is working. Thank you guys.

Firstly, you must have never heard of SQL injection: http://en.wikipedia.org/wiki/SQL_injection. Your current code is opening you up to attacks. You can't directly insert user input into the database like you're doing. Also, mysql_* functions are deprecated. To help your code be safer and more up to date, try something like this:

    session_start();

    $host = "localhost";
    $user = "****";
    $pass = "****";
    $db   = "****";

    // Connect through PDO and make failures throw exceptions
    $dbh = new PDO("mysql:host=$host;dbname=$db", $user, $pass);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $dbh->prepare("INSERT INTO `oclass`.`Directors`(`UID`,`Name`, `Phone`, `Email`, `SchoolGymnasium`, `City`, `Password`) VALUES (:uid, :name, :phone, :email, :school, :city, :password)");

    // bindValue() is used because bindParam() binds by reference and cannot
    // take a function's return value such as uniqid() or md5(...)
    $stmt->bindValue(':uid',      uniqid());
    $stmt->bindValue(':name',     $_POST['name']);
    $stmt->bindValue(':phone',    $_POST['phone']);
    $stmt->bindValue(':email',    $_POST['email']);
    $stmt->bindValue(':school',   $_POST['school']);
    $stmt->bindValue(':city',     $_POST['city']);
    $stmt->bindValue(':password', md5($_POST['password']));

    $stmt->execute();
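
An added example, not part of the original question or answer: the same insert as a bound-parameter statement, with `password_hash()` in place of `md5()` and the insert failure caught rather than reduced to a bare 'Fail'. It assumes an in-memory SQLite database through PDO so it runs without a MySQL server; the cut-down `Directors` table, the `addDirector()` helper and the sample values are constructed for illustration.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL (assumption) so this runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed, cut-down version of the Directors table.
$dbh->exec('CREATE TABLE Directors (
    UID      TEXT PRIMARY KEY,
    Name     TEXT NOT NULL,
    Email    TEXT NOT NULL UNIQUE,
    Password TEXT NOT NULL
)');

// Hypothetical helper: inserts one director and returns the generated UID.
function addDirector(PDO $dbh, array $in): string
{
    $uid = bin2hex(random_bytes(16)); // 128-bit random ID, no lookup loop needed
    $stmt = $dbh->prepare(
        'INSERT INTO Directors (UID, Name, Email, Password)
         VALUES (:uid, :name, :email, :password)'
    );
    // Values travel separately from the SQL text, so quotes in input stay data.
    $stmt->execute([
        ':uid'      => $uid,
        ':name'     => $in['name'],
        ':email'    => $in['email'],
        // Salted, deliberately slow hash; check it later with password_verify().
        ':password' => password_hash($in['password'], PASSWORD_DEFAULT),
    ]);
    return $uid;
}

// Constructed sample input; the apostrophe would break a concatenated query.
$post = ['name' => "Maria O'Neil", 'email' => 'maria@example.test', 'password' => 'correct horse'];

try {
    $uid = addDirector($dbh, $post);
    $row = $dbh->query('SELECT Name, Password FROM Directors')->fetch(PDO::FETCH_ASSOC);
    echo "Stored {$row['Name']} as $uid\n";
    var_dump(password_verify('correct horse', $row['Password']));
    addDirector($dbh, $post); // same e-mail again: violates the UNIQUE constraint
} catch (PDOException $e) {
    // Keep the driver message in the server log; show the user a generic failure.
    error_log($e->getMessage());
    echo "Insert failed\n";
}
```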
