PHP 和 mysql 不插入 [英] PHP and mysql not INSERTing

查看:38
本文介绍了PHP 和 mysql 不插入的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

<html>
<head>
<title> Register </title>
</head>
<body>

Thanks for showing interest, please register below.
<br>


<br/>
<form action="register.php" method="POST">
Username: <input type="text" name="username">
<br>

</br>
Password: <input type="password" name="password">
<br>

</br>
Age:      <input type="text" name="age">
<br>

</br>
Car:      <input type="text" name="car">
<br>


<input type="submit" value="register"/>
<input type="reset" value="Reset fields"/>
</form>

<?php

    //db connect
    $host="localhost"; 
    $dbuser="site1login";
    $dbpass="site1login";
    $dbname="login";
    $tblname="userdata";

    //form post
    $Username=$_POST['username'];
    $Password=$_POST['password'];
    $Age=$_POST['age'];
    $Car=$_POST['car'];
    $con = mysql_connect("$host","$dbuser","$dbpass") or die (mysql_error());

    mysql_select_db($dbname, $con);

    $result = mysql_query("INSERT INTO `userdata` (Username,Password,Age,Car) VALUES ($Username, $Password, $Age, $Car)" or die(mysql_error()));
    echo "Success!";

?>

</body>

</html>

所以,这是我的代码 - 我很困惑 - 它不起作用 - 它说成功",但没有插入任何东西

So, that's my code - I'm confused - it doesn't work - it says "success", but not inserted e anything

推荐答案

更改以下部分 - 

$result = mysql_query("INSERT INTO `userdata` (Username,Password,Age,Car) VALUES 
             ($Username, $Password, $Age, $Car)" or die(mysql_error()));
echo "Success!";

进入这个 - 

$result = mysql_query("INSERT INTO userdata (Username,Password,Age,Car) VALUES 
          ('$Username', '$Password', '$Age', '$Car')");

if($result)
{
    echo "Success!";
}
else
{
    die(mysql_error());    // Thanks to Pekka for pointing this out.
}

如果上述方法不起作用,请尝试检查您的连接参数是否正常以及 MySQL 是否正在运行.

If the above doesn't work, try checking if your connection parameters are ok and if MySQL is running.

您还应该测试 $resut 值以检查是否有任何成功的查询执行发生 -

Also you should test the $resut value to check whether any successful query execution has occured - 

if($result)
{
    // Successful query execution
}
else
{
    // Some error occured while executing query.
    // Show some useful information using echo/print.
    // Then stop execution after taking other necessary steps
}

编辑

正如 Pekka 提到的,您的数据库容易受到SQL 注入 攻击,因为您没有进行清理您的输入.您应该至少使用 mysql_real_escape_string 方法来确保这不会发生.

As Pekka has mentioned, your database is vulnerable to SQL Injection attack since you are not sanitizing your input. You should use at least mysql_real_escape_string method to ensure that this doesn't occur.

这篇关于PHP 和 mysql 不插入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆