Php 为什么不是'；这不是发送到我的mysql服务器吗？

所以，每次我去

它完全没有显示任何内容，也没有将数据发送到我的mysql数据库

这是我的密码。为了安全起见，我删除了我的mysql信息

<?php
$servername = "";
$username = "";
$password = "";
$database = "";

// Establish MySQL Connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("MySafeServer Database Connection Failed: " . $conn->connect_error);
}

if (array_key_exists('param',$_GET)) {
    $gamename = $_GET['param'];
    $gameowner = $_GET['param'];
    $gameownerid = $_GET['param'];
    $placeid = $_GET['param'];
    $serverjobid = $_GET['param'];
    $serverid = $_GET['param'];
    $serverplayers = $_GET['param'];
    $sendername = $_GET['param'];
    $senderid = $_GET['param'];
    $senderage = $_GET['param'];
    $senderwarnings = $_GET['param'];
    $calltype = $_GET['param'];
    $reportinfo = $_GET['param'];
    $suspect = $_GET['suspect'];
    mysql_query("INSERT INTO mss_calls3 (gamename, gameowner, gameownerid, placeid, serverjobid, serverid, serverplayers, sendername, senderid, senderage, senderwarnings, calltype, reportinfo, suspect) VALUES ($gamename, $gameowner, $gameownerid, $placeid, $serverjobid, $serverid, $serverplayers, $sendername, $senderid, $senderage, $senderwarnings, $calltype, $reportinfo, $suspect)");
};
?>

---

@马克是对的，你应该坚持只使用mysqli函数

正如@andrewsi所说，由于您不是在查询数据，因此代码中没有任何内容可以显示insert语句是否成功，而只是在失败时显示，因此我添加了一个“成功！”回音。您仍然需要查询数据库以查看是否插入了值

@马特和@Mark关于准备语句的观点对于净化你的输入至关重要——这是安全101，你应该在上面搜索一下

但最终，我认为@CodeGodie击中了你最大的问题，那就是让它工作起来。您可以使用

$\u GET['param']

将所有变量赋给相同的值，但末尾的“可疑”除外。从您在问题中发布的链接来看，您的查询字符串中没有“param”。我不完全确定您的目的是什么，但我假设您希望将参数名与变量名匹配。我不认为它是这样工作的，但以下未经测试的代码应该可以让您继续：

<?php

$params = array(
  "gamename",
  "gameowner",
  "gameownerid",
  "placeid",
  "serverjobid",
  "serverid",
  "serverplayers",
  "sendername",
  "senderid",
  "senderage",
  "senderwarnings",
  "calltype",
  "reportinfo",
  "suspect"
);

$cols = "";
$vals = "";
$binding_type = "";
$get_params = array();

// first pass to build the query,
// and validate inputs exist
for ($params as $param) {
  if ( isset($_GET["$param"]) ) {
    $cols .= "$param,";
    $vals .= "?,";
    $get_params []= $_GET["$param"];
    // determine the binding type as either integer or string
    if (is_numeric($_GET["$param"]))
      $binding_type .= "i";
    else
      $binding_type .= "s";
  } else die("$param is not set");
}

// trim trailing commas
$cols = rtrim($cols, ",");
$vals = rtrim($vals, ",");

$sql = "INSERT INTO mss_calls3 ($cols) VALUES ($vals);";

$servername = "";
$username = "";
$password = "";
$database = "";

// Establish MySQL Connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("MySafeServer Database Connection Failed: " . $conn->connect_error);
}

// prepare statement
$stmt = $conn->prepare($sql) or die($conn->error);

// bind parameters
// watch this is the tricky dynamic part I got help from the following, but may need some work:
// http://stackoverflow.com/questions/627763/php-and-mysqli-bind-parameters-using-loop-and-store-in-array
// http://no2.php.net/manual/en/mysqli-stmt.bind-param.php#89171
call_user_func_array( array($stmt, 'bind_param'), array_merge(array($stmt, $binding_type), $get_params));

// execute
if( $stmt->execute() )
  echo "success!";
else
  echo $stmt->error;

$stmt->close();
$conn->close();

?>

不要与mysql和mysqli混合使用。。。。。选择一个接口（mysqli）并坚持使用它。我的意思是，您使用mysqli进行数据库连接，使用mysql进行查询。如果您将来要使用mysqli，请学习使用带绑定变量的准备语句，为了避免讨厌的人用SQL注入攻击破坏您的数据库，您还必须在值中引用每个参数，这些值不是一个数字，比如：值（“$gamename”，“$gameowner”，“我假设查询字符串中不存在key

param

，因此在条件

if（array\u key\u exists（'param'，$\u GET））时失败

已选中