如何将元素插入mysql数据库 [英] how to insert elements to mysql database
问题描述
我正在学习mySQL.这里我有一个名为"practice"的数据包,它有一个名为"users"的表.该表有四列.
username,password,firstname,lastname;
我有一个表单字段来获取用户输入,该字段将插入到我的mysql表中.但是每当我想向表中插入新用户时,都会出现错误.这可能是此问题的原因吗??
错误:插入用户(用户名,密码,名字,姓氏) 价值观(Nelson,101a6ec9f938885df0a44f20458d2eb4,Nelson,曼德拉)您 您的SQL语法有错误;检查对应的手册 您的MySQL服务器版本,以在')VALUES附近使用正确的语法 (Nelson,101a6ec9f938885df0a44f20458d2eb4,Nelson,Mandela)"位于第1行
<?php
if(isset($_POST['name']) &&isset($_POST['password'])){
if(!empty($_POST['name']) && !empty($_POST['password'])){
$servername = $_SERVER['SERVER_NAME'];
$username = "root";
$password = "";
$dbname = "practice";
$user=htmlentities($_POST['name']);
$firstname=htmlentities($_POST['firstname']);
$lastname=htmlentities($_POST['lastname']);
$pass=md5(htmlentities(filter_var($_POST['password'],FILTER_SANITIZE_STRING)));
echo $password;
// Create connection
$conn = new mysqli($servername, $username, $password,$dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO users (username,password,firstname,lastname)
VALUES ($user,$pass,$firstname,$lastname)";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "ERROR: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
}
?>
<form action='foreach.php' method='post'>
name :<input type='text' name='name' placeholder='name'></br>
firstname : <input type='text' name='firstname' placeholder='firstname'></br>
lastname : <input type='text' name='lastname' placeholder='lastname'></br>
password :<input type='text' name='password' placeholder='password'></br>
<input type='submit'>
</form>
由于您在编辑中删除了结尾的逗号且未将其标记为编辑:
<罢工>
删除lastname,< =中的结尾逗号
引用您的值,因为它们是字符串
VALUES ('$user','$pass','$firstname','$lastname')
在附加说明上:
您当前的代码已开放给 SQL注入 .使用 mysqli带有准备好的语句 ,或 带有准备好的语句的PDO .
您似乎还使用MD5存储密码,强烈建议您不要使用MD5,因为它很旧并且被认为已损坏.
对于密码存储,请使用 CRYPT_BLOWFISH 或PHP 5.5的 password_hash() compatibility pack .
阅读有关MD5的这些文章:
- > https://security.stackexchange.com/questions/19906/is-md5-considered -不安全
- http://en.wikipedia.org/wiki/MD5
am learning mySQL.Here i have a databale called "practice" and it has a table called "users".This table has four column.
username,password,firstname,lastname;
i have a form field to get user input which will be inserted into my mysql table.But whenever i want to insert a new user to the table it gives an error.What might be the reason behind this problem??
ERROR: INSERT INTO users (username,password,firstname,lastname,) VALUES (Nelson,101a6ec9f938885df0a44f20458d2eb4,Nelson,Mandela) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES (Nelson,101a6ec9f938885df0a44f20458d2eb4,Nelson,Mandela)' at line 1
<?php
if(isset($_POST['name']) &&isset($_POST['password'])){
if(!empty($_POST['name']) && !empty($_POST['password'])){
$servername = $_SERVER['SERVER_NAME'];
$username = "root";
$password = "";
$dbname = "practice";
$user=htmlentities($_POST['name']);
$firstname=htmlentities($_POST['firstname']);
$lastname=htmlentities($_POST['lastname']);
$pass=md5(htmlentities(filter_var($_POST['password'],FILTER_SANITIZE_STRING)));
echo $password;
// Create connection
$conn = new mysqli($servername, $username, $password,$dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO users (username,password,firstname,lastname)
VALUES ($user,$pass,$firstname,$lastname)";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "ERROR: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
}
?>
<form action='foreach.php' method='post'>
name :<input type='text' name='name' placeholder='name'></br>
firstname : <input type='text' name='firstname' placeholder='firstname'></br>
lastname : <input type='text' name='lastname' placeholder='lastname'></br>
password :<input type='text' name='password' placeholder='password'></br>
<input type='submit'>
</form>
Edit: Since you removed the trailing comma in an edit and without marking it as an edit:
Remove the trailing comma in lastname, <=
Quote your values, since they're strings
VALUES ('$user','$pass','$firstname','$lastname')
On an added note:
Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements.
You also seem to be storing passwords using MD5, which is highly discouraged, it is old and considered broken.
For password storage, use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
Read these articles regarding MD5:
- https://security.stackexchange.com/questions/19906/is-md5-considered-insecure
- http://en.wikipedia.org/wiki/MD5
这篇关于如何将元素插入mysql数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
