[英]PHP won't insert into MySQL, no error
$sql = "INSERT INTO $table_name VALUES
('$_POST[firstname]', '$_POST[lastname]', '$_POST[username]', password('$_POST[password]'), 'Users', '', '', '$pchange',
'$_POST[email]', '$default_url', '$verify', '', 0, '', 0)";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$ sql,$ connection和$ table_name都有效,並且以前在腳本和數據庫中使用過,這就是我的數據庫的樣子:
firstname varchar(20) latin1_swedish_ci Yes NULL Change Drop More
lastname varchar(20) latin1_swedish_ci Yes NULL Change Drop More
username varchar(20) latin1_swedish_ci Yes NULL Change Drop More
password varchar(50) latin1_swedish_ci Yes NULL Change Drop More
group1 varchar(20) latin1_swedish_ci Yes NULL Change Drop More
group2 varchar(20) latin1_swedish_ci Yes NULL Change Drop More
group3 varchar(20) latin1_swedish_ci Yes NULL Change Drop More
pchange varchar(1) latin1_swedish_ci Yes NULL Change Drop More
email varchar(100)latin1_swedish_ci Yes NULL Change Drop More
redirect varchar(100)latin1_swedish_ci Yes NULL Change Drop More
verified varchar(1) latin1_swedish_ci Yes NULL Change Drop More
last_login date Yes NULL Change Drop More
balance double UNSIGNED Yes 0 Change Drop More
address varchar(60) latin1_swedish_ci Yes NULL Change Drop More
lostbalance double Yes 0 Change Drop More
提前致謝。
由於@沒有錯誤:
@mysql_query($sql,$connection) or die(mysql_error());
@禁止來自mysql_query()函數的錯誤。
我在您的陳述中看到多個錯誤:
'$_POST[firstname]'
-假定為$_POST['firstname']
。 將值存儲在變量中或使用串聯: "'.$_POST['firstname'].'"
使用mysql_query($sql) or die(mysql_error());
轉義您存儲在數據庫中的所有數據。
首先,保留任何用戶輸入未經過濾不是良好的安全做法,因為很快您將成為SQL注入和/或XSS攻擊的受害者。 您應該通過以下方式過濾用戶輸入:
$var = filter_var($_POST['var']), FILTER_SANITIZE_STRING);
然后,您應該在SQL查詢中使用該$var
,而不是直接使用$_POST['var'].
即:
$sql = "INSERT INTO $table_name VALUES
('$firstname', '$lastname', '$username', password('$password'), 'Users', '', '', '$pchange',
'$email', '$default_url', '$verify', '', 0, '', 0)";
您必須在“ VALUES”前面命名表列
INSERT INTO $table_name (field_1, field2, ...) VALUES ($_POST_1, ...)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.