1. 首頁
  2. 問答
  3. 我如何在數據庫中插入記錄

我如何在數據庫中插入記錄

2016-07-13 76 views
0

我試圖從我的表單插入一條記錄到數據庫中,但點擊提交後會顯示「您的SQL語法錯誤;檢查與您的對應的手冊MySQL服務器版本正確的語法」錯誤.... 請幫我我如何在數據庫中插入記錄

<?php 
include('data_conn.php'); 

if(isset($_POST['subm'])){ 

    $email = mysql_real_escape_string($_POST['email']); 
$query = "SELECT * FROM login WHERE email='$email'"; 
    $result = mysql_query($query) or die(mysql_error()); 

    if (mysql_num_rows($result)) { 
     echo '<script language="javascript">'; 
    echo 'alert("Email is Already Exist...."); location.href="signup.php"'; 
    echo '</script>'; 
    } 
    else { 
     $f_name = $_POST['f_name']; 

     $c_name = $_POST['c_name']; 
     $c_add = $_POST['c_add']; 
     $mob = $_POST['mob']; 
     $email = $_POST['email']; 
     $password = $_POST['password']; 



     $query = "INSERT INTO login (first_name,company_name,company_add,mob,email,password) VALUES ('$f_name,'$c_name','$c_add','$mob','$email','$password')"; 


     $result = mysql_query($query) or die(mysql_error()); 


     if($result==1) 
    { 
     echo '<script language="javascript">'; 
    echo 'alert("successfully registered!!!"); location.href="signup.php"'; 
    echo '</script>'; 
    } 
    else 
    { 
     echo '<script language="javascript">'; 
    echo 'alert("Something Went Wrong!!! :("); location.href="signup.php"'; 
    echo '</script>'; 
    } 
    } 
} 
?>

來源

2016-07-13 Rkboss

+0

mysql_ *函數已過時並已從PHP 7中刪除。您應該使用更現代的庫,如mysqli或PDO – GordonM

回答

1

更改以下行

$query = "INSERT INTO login (first_name,company_name,company_add,mob,email,password) VALUES ('$f_name,'$c_name','$c_add','$mob','$email','$password')";

對此

$query = "INSERT INTO login (first_name,company_name,company_add,mob,email,password) VALUES ('$f_name','$c_name','$c_add','$mob','$email','$password')";

問題是,您只向變量$f_name添加了一個'。只是使它像'$f_name',它會工作

來源

2016-07-13 09:33:28 Arun

+0

Thnx ...它的工作原理! – Rkboss

+0

@Rkboss,很高興。請接受答案:) – Arun

0

而不是使用直接替代值,您可以使用下面的方法,以避免SQL注入。

你基本上有兩種選擇來實現這一目標:

1)使用PDO(任何支持的數據庫驅動程序):

$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name'); 

$stmt->execute(array('name' => $name)); 

foreach ($stmt as $row) { 
    // do something with $row 
}

2)使用庫MySQLi(MySQL的):

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?'); 
$stmt->bind_param('s', $name); 

$stmt->execute(); 

$result = $stmt->get_result(); 
while ($row = $result->fetch_assoc()) { 
    // do something with $row 
}

請參考How can I prevent SQL injection in PHP?

來源

2016-07-13 09:36:45 Tamil

0

語法er ROR。
嘗試:

$query = "INSERT INTO login (first_name,company_name,company_add,mob,email,password) VALUES ('$f_name','$c_name','$c_add','$mob','$email','$password')";

代替:

$query = "INSERT INTO login (first_name,company_name,company_add,mob,email,password) VALUES ('$f_name,'$c_name','$c_add','$mob','$email','$password')";

缺少單引號'$f_name'

來源

2016-07-13 09:36:59

相關問題

 相關問題