Fatal编程技术网
  • php/
  • Php 每一次死亡的白色屏幕。我做错了什么?

Php 每一次死亡的白色屏幕。我做错了什么?

php mysql

Php 每一次死亡的白色屏幕。我做错了什么?,php,mysql,Php,Mysql,我完全不懂PHP,也不懂mysql,所以你知道我对HMTL和CSS有丰富的经验。我所需要的只是在我的网站上的一个表单,将表单中的信息上传到我的数据库中。问题是,单击“提交”按钮只会打开一个空白选项卡,其中包含my.php文件的地址,并显示一个空白的白色屏幕。php文件如下所示 <?php $hostname = "myHostName"; $username = "PreRegCustomers"; $dbname = "PreRegCustomers"; $password = "myP

我完全不懂PHP,也不懂mysql,所以你知道我对HMTL和CSS有丰富的经验。我所需要的只是在我的网站上的一个表单,将表单中的信息上传到我的数据库中。问题是,单击“提交”按钮只会打开一个空白选项卡,其中包含my.php文件的地址,并显示一个空白的白色屏幕。php文件如下所示

<?php
$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
connect to database! Please try again later.");
mysql_select_db($dbname);

$sql = "INSERT INTO $usertable (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 

VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";

$sql="INSERT INTO $usertable (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName)

VALUES ('".$_POST[firstName]."', '".$_POST[lastName]."', '".$_POST[streetAddress]."', '".$_POST[city]."', '".$_POST[state]."', '".$_POST[zip]."', '".$_POST[country]."', '".$_POST[email]."', '".$_POST[phone]."', '".$_POST[badgeName]."')";
?>

$\u POST[firstName]
应该是
$\u POST['firstName']
,依此类推


mysql_query($sql) or die('MySQL Error: ', mysql_error());

echo 'Data inserted';



您现在不应该使用mysql,它已被弃用。使用PDO执行此操作据我所知,此代码仅连接到数据库并设置变量$sql。您是否真的在任何地方执行查询?你在屏幕上打印东西吗?
首先


$_POST[firstname] should be $_POST['firstname']


第三

第二


$conn=mysql_connect(your parameters);



在php代码的最顶端包括以下两行:


error_reporting(E_ALL);
ini_set('display_errors', '1');


它将启用错误报告,因此您将能够调试脚本。
可能问题在于,在使用字符串索引名时,读取$u POST变量(以及任何数组类型变量)时应使用“引号”:


 $_POST[firstName] must be written as follows:
 $_POST['firstName']


使此查询更安全(例如,针对sql注入攻击)的一个好方法是在POST中替换值,而不是将其直接传递给查询


 $firstName = mysql_real_escape_string($_POST['firstName']);


POST中的值将被替换,以便您可以将其传递给SQL

尝试使所有变量都符合以下条件:


$sql = "INSERT INTO $usertable 
(firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";


最后,您需要实际执行查询:


mysql_query($sql);



如果运行正常,您将不会看到任何错误,但请确保舒尔能够在此脚本中启用错误报告。当一切正常时,记得删除错误报告。
就像其他人说的那样,将注释放在数组引用中。也就是说,您确实需要转义$\u POST变量以避免SQL注入,如果代码顺序明确,那么调试也会更容易:)

使用有序代码,您可以键入echo“some text”;在您想要的任何接触点,以便您可以看到代码在哪里中断

此外,在php.ini或代码()中打开错误报告也是观察无法预测的错误的最佳选择


<?php
$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

//connect to mysql
$link_id = mysql_connect($hostname, $username, $password);
if (!$link_id) {
    die("Unable to connect to database! Please try again later. error:".mysql_errno());
}
echo "connected to mysql";
//make sure your DB exists
if (!mysql_select_db($dbname)) die ("Connected to mysql but could not connect to the DB. error:".mysql_errno());
echo "connected to database";    
//avoid sql_injection
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$streetAddress = mysql_real_escape_string($_POST['streetAddress']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$country = mysql_real_escape_string($_POST['country']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$badgeName = mysql_real_escape_string($_POST['badgeName']);

echo "sanitised input";
//write the query
$sql = "INSERT INTO $usertable 
    (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
    VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";
echo "build query: ".$sql;    
//then you'll need to execute the query :)
if (mysql_query($sql))
    echo "query success";
else 
    echo "query failed";

//ps you can ignore the last? >



打开错误报告您应该执行
$\u POST['firstName']
而不是普通的
$\u POST[firstName]
,但我也看不到您
会回显任何内容。您正在编写查询语句,但从未执行它们(使用mysql\u查询函数)。你应该使用MySQL或PDO代替MySQL函数,因为它们不安全和不受欢迎。发布的代码(如果它工作)不会输出任何东西。你在期待什么?我知道所有其他的评论和答案都解决了导致白板的问题,但是我真诚地认为@ Zod的评论是真正的答案。“我为什么要看白色屏幕“。也是最有建设性的;)。只有MHO。这不会导致致命错误
等等
-这不是很好的描述/帮助=)。呵呵!拿上你的计数牌!正如我所说的,我是一个noobxd。我可以看到$sql变量的设置位置。所以现在我只需要让它运行一点点代码,将这些值输入到我的数据库中。这就是我想让它做到的。这一次看起来特别有希望。我试着用它来代替我的重要信息,但它说了以下内容:注意:未定义的索引:第26行的/home/content/85/11323785/html/devTest/insert2.php中的country有问题吗?它与所有其他变量完全相同。这意味着它不在数组中,请检查您的表单以确保country变量具有正确的字段名etcgot。。但是这段代码仍然会产生一个空白的白屏。T还有其他想法吗?如果这段代码运行正常,它将不会显示任何内容,尽管会向数据库中添加一条记录。我要做的是将代码放在其中,以提供输出。例如,在“mysqlselectdb”方法之后,在该echo中插入一行(“db connect success”);如果在代码中添加足够多的点,您将看到文本输出,直到出现错误为止。我将编辑代码以显示。

mysql_query($sql);



<?php
$hostname = "myHostName";
$username = "PreRegCustomers";
$dbname = "PreRegCustomers";
$password = "myPassword";
$usertable = "CustomerInfo";

//connect to mysql
$link_id = mysql_connect($hostname, $username, $password);
if (!$link_id) {
    die("Unable to connect to database! Please try again later. error:".mysql_errno());
}
echo "connected to mysql";
//make sure your DB exists
if (!mysql_select_db($dbname)) die ("Connected to mysql but could not connect to the DB. error:".mysql_errno());
echo "connected to database";    
//avoid sql_injection
$firstName = mysql_real_escape_string($_POST['firstName']);
$lastName = mysql_real_escape_string($_POST['lastName']);
$streetAddress = mysql_real_escape_string($_POST['streetAddress']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$country = mysql_real_escape_string($_POST['country']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$badgeName = mysql_real_escape_string($_POST['badgeName']);

echo "sanitised input";
//write the query
$sql = "INSERT INTO $usertable 
    (firstName, lastName, streetAddress, city, state, zip, country, email, phone, badgeName) 
    VALUES ('$firstName', '$lastName', '$streetAddress', '$city', '$state', '$zip', '$country', '$email', '$phone', '$badgeName')";
echo "build query: ".$sql;    
//then you'll need to execute the query :)
if (mysql_query($sql))
    echo "query success";
else 
    echo "query failed";

//ps you can ignore the last? >