将会话变量插入 MySQL 数据库 [英] Insert session variable into MySQL database

问题描述

嘿，我是 PHp 的新手，我正在尝试将详细信息输入到我的数据库中.我正在尝试输入一个事件名称 - 用户输入(POST)和登录用户的用户名.

Hey I am new to PHp and I am trying to enter details into my database. I am trying to enter an eventname- which the user enters (POST) and the username of the logged in user.

我创建了会话来存储用户用户名，我拥有的代码是

I have created sessions to store users usernames, the code i have is

$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername']

$sql = mysql_query("INSERT INTO $tbl_nameVALUES('','$eventname','$_SESSION['myusername'])");

echo "You have been added to the event";

是 $sql 语句给出了错误?任何帮助将不胜感激.

Its the $sql statement which is giving the error? any help would be much appreciated.

谢谢大家！

推荐答案

这里有几个潜在的问题.

There are several potential problems here.

首先，您没有针对 SQL 注入转义 eventname.我们希望 myusername 已经是安全的.如果之前没有过滤过，也可以在 $_SESSION['myusername'] 上使用 mysql_real_escape_string().

First, you have not escaped eventname against SQL injection. We assume hopefully that myusername is already safe. If it has not been previously filtered, also use mysql_real_escape_string() on $_SESSION['myusername'].

$eventname = mysql_real_escape_string($_POST['eventname']);

// Then you need space before VALUES and are missing a closing quote on $_SESSION['myusername'], which should be in {}
$sql = mysql_query("INSERT INTO $tbl_name VALUES('','$eventname','{$_SESSION['myusername']}')");

最后，为了使语句起作用，它假设您在 $tbl_name 中正好有三列.您应该明确使用的列.为 colname1, event_name, username 替换正确的列名.

Finally, in order for the statement to work, it assumes you have exactly three columns in $tbl_name. You should be explicit about the columns used. Substitute the correct column names for colname1, event_name, username.

$sql = mysql_query("INSERT INTO $tbl_name (colname1, event_name, username) VALUES('','$eventname','{$_SESSION['myusername']}')");

通过mysql_error()进行一些基本的错误检查，将向您揭示SQL语法错误的确切位置.

The exact locations of SQL syntax errors will be revealed to you with some basic error checking via mysql_error().

$sql = mysql_query(<your insert statement>);
if (!$sql) {
  echo mysql_error();
}

这篇关于将会话变量插入 MySQL 数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！