stackoom
  简体   繁体   中英

PHP won't insert into MySQL, no error

 原文  2012-05-10 13:35:08       php/ mysql

Question

$sql = "INSERT INTO $table_name VALUES
('$_POST[firstname]', '$_POST[lastname]', '$_POST[username]', password('$_POST[password]'), 'Users', '', '', '$pchange', 
'$_POST[email]', '$default_url', '$verify', '', 0, '', 0)";

$result = @mysql_query($sql,$connection) or die(mysql_error());

$sql, $connection and $table_name are all valid and are used previously in the script and the database, this is how my database looks like: 

firstname   varchar(20) latin1_swedish_ci       Yes NULL          Change      Drop   More 
lastname    varchar(20) latin1_swedish_ci       Yes NULL          Change      Drop   More 
username    varchar(20) latin1_swedish_ci       Yes NULL          Change      Drop   More 
password    varchar(50) latin1_swedish_ci       Yes NULL          Change      Drop   More 
group1      varchar(20) latin1_swedish_ci       Yes NULL          Change      Drop   More 
group2      varchar(20) latin1_swedish_ci       Yes NULL          Change      Drop   More 
group3      varchar(20) latin1_swedish_ci       Yes NULL          Change      Drop   More 
pchange     varchar(1)  latin1_swedish_ci       Yes NULL          Change      Drop   More 
email       varchar(100)latin1_swedish_ci       Yes NULL          Change      Drop   More 
redirect    varchar(100)latin1_swedish_ci       Yes NULL          Change      Drop   More 
verified    varchar(1)  latin1_swedish_ci       Yes NULL          Change      Drop   More 
last_login  date                                Yes NULL          Change      Drop   More 
balance     double      UNSIGNED                Yes 0             Change      Drop   More 
address     varchar(60) latin1_swedish_ci       Yes NULL          Change      Drop   More 
lostbalance double                              Yes 0             Change      Drop   More

Thanks in advance.

3 answers

solution1
 4 ACCPTED  2012-05-10 13:38:04

No error because of @: 

@mysql_query($sql,$connection) or die(mysql_error());

The @ suppresses the errors from the mysql_query() function.

I see multiple errors in your statements:

  1. '$_POST[firstname]' - is suppossed to be $_POST['firstname'] . Store the value in a variable or use concatenation: "'.$_POST['firstname'].'"

  2. Use mysql_query($sql) or die(mysql_error());

  3. Escape all the data you are storing in the db.

solution2
 1  2012-05-10 13:40:30

First of all, it is not good security practice to leave any user input unfiltered, because soon you will be victim of SQL injection and/or XSS attacks. You should filter your user input this way:

$var = filter_var($_POST['var']), FILTER_SANITIZE_STRING);

Then you should use this $var in your SQL query, instead of directly using the $_POST['var']. ie: 

$sql = "INSERT INTO $table_name VALUES
('$firstname', '$lastname', '$username', password('$password'), 'Users', '', '', '$pchange', 
'$email', '$default_url', '$verify', '', 0, '', 0)";

solution3
 -2  2012-05-10 13:37:01

您必须在“ VALUES”前面命名表列

INSERT INTO $table_name (field_1, field2, ...) VALUES ($_POST_1, ...)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP won't insert data to Mysql database - No error thrown PHP: String won't insert into MySQL database PHP+MYSQL Won't Insert Into Database PHP Date only won't insert into Mysql PHP/MySQL won't INSERT and echo as it should? php won't insert into mysql. no errors PHP form won't insert into MYSQL PHP MySQL insert statement won't insert data into my database PHP MySQL Insert Query that won't insert if already exists PHP error. “ Undefined index” the data from the form won't insert into the mysql database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM