Fatal编程技术网
  • php/
  • PHP正在MYSQL数据库中插入两个重复的行

PHP正在MYSQL数据库中插入两个重复的行

php html mysql

PHP正在MYSQL数据库中插入两个重复的行,php,html,mysql,Php,Html,Mysql,我在PHP和MYSQL方面遇到了问题。我有一个HTML表单,它在提交时运行下面的PHP脚本。我认为这与以下PHP有关,而与数据库无关: <?php $first_name = $_POST['firstname']; $last_name = $_POST['lastname']; $display_name = $_POST['displayname']; $email = $_POST['email']; $password = $_POST['password']; $add_li

我在PHP和MYSQL方面遇到了问题。我有一个HTML表单,它在提交时运行下面的PHP脚本。我认为这与以下PHP有关,而与数据库无关:

<?php

$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$display_name = $_POST['displayname'];
$email = $_POST['email'];
$password = $_POST['password'];
$add_line1 = $_POST['addline1'];
$add_line2 = $_POST['addline2'];
$city = $_POST['city'];
$county = $_POST['county'];
$postcode = $_POST['postcode'];

$sql = "INSERT INTO members (memberID, 
memberPassword, 
memberFirstName, 
memberLastName,
memberAddressLine1, 
memberAddressLine2, 
memberCity,
memberCounty, 
memberPostcode, 
memberDisplayName) 
VALUES ('$email', 
'$password', '$first_name', '$last_name',
 '$add_line1', '$add_line2','$city',
 '$county', '$postcode', '$display_name')";

if (!mysqli_query($conn,$sql))
{
     die('Error: ' . mysqli_error($conn));
}
mysqli_query($conn,$sql);
echo 'Guest Added';
mysqli_close($conn);

?>


您有
mysqli\u查询($conn,$sql)在代码中输入两次。一次在if()中,一次在外部。每一个都将插入到您的数据库中


这里需要注意的是,if中的
mysqli\u查询
是经过计算的,也就是说,它是运行的,if语句根据函数调用的结果执行。因此,您不需要再次调用它。
Tushar指出了mysqli的两个查询,他是对的,此外,现在的代码将给您带来安全问题,因为它允许sql注入

请按如下方式修改您的代码:


 $first_name   = mysqli_escape_string($conn, $_POST['firstname']);
 $last_name    = mysqli_escape_string($conn, $_POST['lastname']);
 $display_name = mysqli_escape_string($conn, $_POST['displayname']);
 $email        = mysqli_escape_string($conn, $_POST['email']);
 $password     = mysqli_escape_string($conn, $_POST['password']);
 $add_line1    = mysqli_escape_string($conn, $_POST['addline1']);
 $add_line2    = mysqli_escape_string($conn, $_POST['addline2']);
 $city         = mysqli_escape_string($conn, $_POST['city']);
 $county       = mysqli_escape_string($conn, $_POST['county']);
 $postcode     = mysqli_escape_string($conn, $_POST['postcode']);



对,<代码>mysqli_查询($conn,$sql)
可以被删除,只需将
else{}
添加到
if
-语句中,并在其中回显“Guest Added”消息,作为成功的标志。感谢您的帮助-在评估时没有意识到它运行了。很好的建议-PHP新手和关于安全性的良好实践。

 $first_name   = mysqli_escape_string($conn, $_POST['firstname']);
 $last_name    = mysqli_escape_string($conn, $_POST['lastname']);
 $display_name = mysqli_escape_string($conn, $_POST['displayname']);
 $email        = mysqli_escape_string($conn, $_POST['email']);
 $password     = mysqli_escape_string($conn, $_POST['password']);
 $add_line1    = mysqli_escape_string($conn, $_POST['addline1']);
 $add_line2    = mysqli_escape_string($conn, $_POST['addline2']);
 $city         = mysqli_escape_string($conn, $_POST['city']);
 $county       = mysqli_escape_string($conn, $_POST['county']);
 $postcode     = mysqli_escape_string($conn, $_POST['postcode']);