stackoom
  简体   繁体   中英

SQL Query Not Functioning - No Error Message

 原文  2010-03-23 01:51:34       php/ sql/ mysql

Question

ORIGINAL TEXT REMOVED

OK, so I found the original problem thanks to a helpful answer. It lists "Invalid query: No database selected" as the error. 

require_once ('../dir_connect.php');            

$dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
        if (!$dbc) {
            die('Could not connect: ' . mysql_error());
        }

If I have this, and I have this in the dir_connect.php file: 

/** The name of the database */
define('DB_NAME', 'unlisted_employees');

/** MySQL database username */
define('DB_USER', 'unlisted_qpass');

/** MySQL database password */
define('DB_PASSWORD', 'testpass');

/** MySQL hostname */
define('DB_HOST', 'localhost');

Is there something I need to add to make an actual database connection?

4 answers

solution1
 4 ACCPTED  2010-03-23 01:58:05

You need to check the return value of the mysql_query() call.

http://php.net/manual/en/function.mysql-query.php 

$result = mysql_query($query);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

Right now, you'll never actually hit the error condition and won't actually see what (if any) error that MySQL is sending back to you.

Also, you probably want to escape the values you are plugging into the query instead of just doing normal string concatentation. If you don't, your app could be vulnerable to a SQL injection attack. Here is how to generate the query safely: 

$query = sprintf("INSERT INTO staff (name, lastname, username, password, position, department, birthmonth, birthday, birthyear, location, phone, email, street, city, state, country, zip, tags, photo) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                mysql_real_escape_string($name),
                mysql_real_escape_string($lastname),
                mysql_real_escape_string($username),
                mysql_real_escape_string($password),
                mysql_real_escape_string($position),
                mysql_real_escape_string($department),
                mysql_real_escape_string($birthmonth),
                mysql_real_escape_string($birthday),
                mysql_real_escape_string($birthyear),
                mysql_real_escape_string($location),
                mysql_real_escape_string($phone),
                mysql_real_escape_string($email),
                mysql_real_escape_string($street),
                mysql_real_escape_string($city),
                mysql_real_escape_string($state),
                mysql_real_escape_string($country),
                mysql_real_escape_string($zip),
                mysql_real_escape_string($tags),
                mysql_real_escape_string($photo));

EDIT: Just saw your comment to another answer. If you are already doing the escaping like: 

$birthday = mysql_real_escape_string(trim($_POST['birthday']));

then you don't need to escape it when generating the query. It's probably better practice to do the escaping at the time you generate the query so it is clear that you aren't missing anything.

EDIT2: According to the docs, mysql_connect() should take the host, user, and password and then you need to do a mysql_select_db() call afterwards to pick the correct database.

http://www.php.net/manual/en/function.mysql-select-db.php 

$dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$dbc) {
    die('Could not connect: ' . mysql_error());
}

// make foo the current db
$db_selected = mysql_select_db(DB_NAME, $dbc);
if (!$db_selected) {
    die ('Could not select database: ' . mysql_error());
}

(BTW, you should edit your question and put back the original text so it might be useful to others finding this topic later!)

solution2
 0  2010-03-23 01:56:54

You should be using something like mysql_real_escape_string (or whatever is appropriate for your DB engine) to escape the parameters in your query. Check out the documentation that I linked to. It's been a while since I've used PHP, but someone may chime-in with a better parametrized escaping method.

But, your main problem seems to be that you're inserting strings into integer fields. Check the values of your zip, birthmonth, birthday, birthyear, etc fields... they probably don't need to be escaped with single quotes.

Good luck!

solution3
 0  2010-03-23 01:59:29

No connection to the database?

mysql_query() returns false on failure and generates a warning, not an error.

By the way, !$query does not tell you anything as far as mysql is concerned as it is just a text string.

solution4
 0  2010-03-23 02:03:11

The problem is here: 

if (!$query) {
    die('Invalid query: ' . mysql_error());
}

You are checking the $query variable to decide if the query ran or not, which makes no sense. Instead you need to collect the return value of the mysql_query and then make use of it instead. 

$res = mysql_query($query);
if (!$res) {
    die('Invalid query: ' . mysql_error());
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question sql select query is not functioning properly SQL Query fails with no error message PHP SQL query error message PHP SQL database query error message SQL query not functioning correctly, getting no output with a perfectly fine query SQL query not functioning on online server, working on local server How to add an error message in my_sql query SQL UPDATE query with prepared statement syntax issue, no error message Database query not functioning as expected Update query not functioning
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM