Php MYSQL插入不工作
我不明白为什么我的SQL插入不起作用Php MYSQL插入不工作,php,mysql,insert,Php,Mysql,Insert,我不明白为什么我的SQL插入不起作用 <?php $sub = $_POST['submit']; if($sub) { $title = $_COOKIE['newstitle']; $body = $_COOKIE['newsbody']; $sneak = $_COOKIE['newssneak']; $date = date("Y-d-m"); $postedby = $_COOKIE['userlogin']; $connect = mysql_connect("loca
<?php
$sub = $_POST['submit'];
if($sub)
{
$title = $_COOKIE['newstitle'];
$body = $_COOKIE['newsbody'];
$sneak = $_COOKIE['newssneak'];
$date = date("Y-d-m");
$postedby = $_COOKIE['userlogin'];
$connect = mysql_connect("localhost","admin","00904684") or die("Couldn't Connect!");
mysql_select_db("dr") or die("Couldn't find DB.");
$insert = mysql_query
("
INSERT INTO news(`id`,`title`,`summary`,`body`,`date`,`postedby`)
VALUES ('NULL','".$title."','".$sneak."','".$body."','".$date."','".$postedby."')
");
mysql_close($connect);
header('Location: ../index.php');
}
else echo (mysql_error());
?>
是否允许ID为空?您可以试试这个
INSERT INTO news(`title`,`summary`,`body`,`date`,`postedby`)
VALUES ('".$title."','".$sneak."','".$body."','".$date."','".$postedby."')
通过从insert中删除Id字段,它将成为默认值,即null或auto inc.您没有逃避您的输入,这使您对SQL注入敞开了大门—这可能是您的问题。我敢打赌“摘要”在内容中只有一个引号,这会破坏您的查询。你应该做:
$title = mysql_real_escape_string($_COOKIE['newstitle']);
$body = mysql_real_escape_string($_COOKIE['newsbody']);
$sneak = mysql_real_escape_string($_COOKIE['newssneak']);
$date = date("Y-d-m");
$postedby = mysql_real_escape_string($_COOKIE['userlogin']);
如果您真的想在ID字段中插入字符串'NULL',那么应该可以。我怀疑您的意思是安装NULL(注意没有引号),意思是“没有值”。如果是这样的话,请删除引号,或者像@nhutto所说的那样,删除整个列。这是我的尝试
<?php
if($sub)
{
$title = mysql_real_escape_string($_COOKIE['newstitle']);
$body = mysql_real_escape_string( $_COOKIE['newsbody']);
$postedby = mysql_real_escape_string($_COOKIE['userlogin']);
$sneak = mysql_real_escape_string($_COOKIE['newssneak']);
$date = date('Y-d-m');
$connect = mysql_connect('Localhost', 'admin', '00904684') or die('Could not connect to database.');
mysql_select_db('dr') or die('Could not find database.');
$insert = mysql_query('INSERT_INTO news(`title`, `summary`, `body`, `date`, `postedby`)
VALUES(\''. $title . '\', \''. $sneak . '\', \''. $body . '\', \''. $date . '\', \''. $postedby . '\')');
mysql_close();
header('Location: ../index.php');
}
else {
echo mysql_error();
}
添加一个if(!$insert)echo mysql_error()代码>要查看mySQL抛出了什么错误,您有什么错误?如果我编辑我的newsttitle
cookie,使其值为“或1=1;
?mysql\u real\u escape\u string()
在本例中是您的朋友,或者PDO是更好的朋友:)1.请阅读有关mysql\u real\u escape\u string的内容--2.尝试回写mysql\u error()在查询之后立即查看您得到的错误并将其发布到此处。谢谢这是一个好消息。我看不到任何语法问题,因此这是一个很好的选择。+1