Fatal编程技术网
  • php/
  • Php 简单查询未运行

Php 简单查询未运行

php mysql

Php 简单查询未运行,php,mysql,Php,Mysql,首先,我知道我对SQL注入持开放态度,这只是一个原型。但它仍然应该起作用 就我的一生而言,我不明白为什么我不能从我的阵列中取出一件物品。我可能做错了什么?我一直在摆弄这个看似简单的查询太久了,我似乎无法让它提取数据。我觉得事情很简单 $query = 'SELECT * FROM users WHERE email = "' . $email . '"'; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetc

首先,我知道我对SQL注入持开放态度,这只是一个原型。但它仍然应该起作用

就我的一生而言,我不明白为什么我不能从我的阵列中取出一件物品。我可能做错了什么?我一直在摆弄这个看似简单的查询太久了,我似乎无法让它提取数据。我觉得事情很简单

$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];
我没有得到$ID的结果

这是我的全部代码:

<html>
<head>
<?php

$email = $_GET["email"];
$servername="localhost";
$username="*****";
$password="*****";
$database="*****";
$conn= mysql_connect($servername,$username,$password)or die(mysql_error());
mysql_select_db("$database",$conn);


$query = 'SELECT email FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());



//Checks if the email address exists in the system already
if (mysql_num_rows($result) ) {
        die("Duplicate email found!");
    }
    else {
          //use current date/time combination times the number 11 times the ID to get a unique confirmation number.
          $query = 'SELECT * FROM users WHERE email = "' . $email . '"';
          $result = mysql_query($query) or die(mysql_error());
          $row = mysql_fetch_assoc($result);
          $ID = $row['ID'];
          echo $row;
          $date = date("mydhis");
          $date2 = $date * 11 * $ID;
          echo $ID . "  <-> " . $date . "  <->  <p>" . $date2;
          $sql="insert into users (first,last,displayname,email,password,verification_email)values('$_GET[first]','$_GET[last]','$_GET[display]','$_GET[email]','$_GET[password]','$date2')";
          $result=mysql_query($sql,$conn) or $string = mysql_error();
          $confirmlink = "http://www.somewebsite.com/android/confirm.php?" . $date2;


          $to = $_GET['email'];
          $subject = "Thank you for Registering!";
          $message = "Hello " . $_GET['display'] . " and thank you for registering with the Smeet app!  To confirm your email address (and let us know you aren't a bot), please click the following link: " . $confirmlink;
          $from = "noreply@smeet.com";
          $headers = "From:" . $from;
          mail($to,$subject,$message,$headers) or die('You have successfully registered however mail servers are currently down, you may or may not receive a confirmation email');

          print "<h1>You have registered successfully</h1>";
          print "You will receive an email shortly with instructions on how to confirm your email address.</a>";
    }
?>

 </body>
 </html>
感谢您对解决此问题的帮助。

这是一个简单的答案,我找到了答案

我的$ID是在创建记录之前被提取的,这就是为什么它是空白的!我犯了愚蠢的错误。

使用事先准备好的陈述。不要使用连接构建SQL语句。它会让你接受SQL注入。它会像电子邮件一样简单吗=someone@somewhere.com不在URL中?另外,处理这个问题的方法也不好。你容易受到注射攻击。见克里斯的评论。切换到mysqli或PDO并使用prepared语句OP在使用POST而不是get@KaiQing时会少一些麻烦可能是什么问题。GET方法可能在玩一些恶作剧。@OP why 2x of$query='从email='的用户中选择电子邮件'$电邮";;$result=mysql\u query$query或diemsql\u error?我不明白。您只需要使用一个。将查询中的单引号更改为双引号,反之亦然:$query=SELECT email FROM users WHERE email='$电邮";;