Php 无法执行插入到成员中
这是代码中有问题的部分:Php 无法执行插入到成员中,php,user-registration,Php,User Registration,这是代码中有问题的部分: $query = mysql_query("INSERT INTO members (user, pass, mail, country, city, www, credo) VALUES ('$_POST[user]','$_POST[pass]', '$_POST[mail]', '$_POST[country]', '$_POST[city]', '$_POST[www]', '$_POST[credo]')") or die ("Error - Couldn
$query = mysql_query("INSERT INTO members
(user, pass, mail, country, city, www, credo)
VALUES ('$_POST[user]','$_POST[pass]', '$_POST[mail]',
'$_POST[country]', '$_POST[city]', '$_POST[www]', '$_POST[credo]')")
or die ("Error - Couldn't register user.");
我得到了模具错误。如何找到无法执行的更具体的部分?
我试图一个接一个地消除字段,但没有结果
INSERT INTO members
(user, pass, mail, country, city, www, credo)
VALUES
('".$_POST['user']."','".$_POST['pass']."', '".$_POST['mail']."',
'".$_POST['country']."', '".$_POST['city']."', '".$_POST['www']."', '".$_POST['credo']."')")
只是一个简短的警告。将POST值直接插入数据库可能会导致安全漏洞。在将所有用户输入插入数据库之前,请确保对其进行验证和筛选。这将向您说明查询失败的原因,至少可以防止一些安全问题: 小的改进
// Run by each $_POST entry and set it to empty if not found
// Clean the value against tags and blank spaces at the edges
$dataArr = array();
foreach($_POST as $key => $value) {
$dataArr[$key] = ($value == "undefined") ? '' : strip_tags(trim($value));
}
// try to perform the INSERT query or die with the returned mysql error
$query = mysql_query("
INSERT INTO members
(user, pass, mail, country, city, www, credo)
VALUES (
'".$dataArr["user"]."',
'".$dataArr["pass"]."',
'".$dataArr["mail"]."',
'".$dataArr["country"]."',
'".$dataArr["city"]."',
'".$dataArr["www"]."',
'".$dataArr["credo"]."'
)
") or die ("Error:<br/>".mysql_error());
// Run by each $_POST entry and set it to empty if not found
// Clean the value against tags and blank spaces at the edges
$dataArr = array();
foreach($_POST as $key => $value) {
$dataArr[$key] = ($value == "undefined") ? '' : strip_tags(trim($value));
}
// escape everything
$query = sprintf("
INSERT INTO members
(user, pass, mail, country, city, www, credo)
value ('%s', '%s', '%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($dataArr["user"]),
mysql_real_escape_string($dataArr["pass"]),
mysql_real_escape_string($dataArr["mail"]),
mysql_real_escape_string($dataArr["country"]),
mysql_real_escape_string($dataArr["city"]),
mysql_real_escape_string($dataArr["www"]),
mysql_real_escape_string($dataArr["credo"])
);
// try to perform the INSERT query or die with the returned mysql error
$result = mysql_query($query) or die ("Error:<br/>".mysql_error());
//按每个$\u POST条目运行,如果找不到,则将其设置为空
//清除边缘标记和空白处的值
$dataArr=array();
foreach($\发布为$key=>$value){
$dataArr[$key]=($value==“未定义”)?“”:带标签(修剪($value));
}
//尝试执行INSERT查询,否则返回mysql错误
$query=mysql\u查询(“
插入成员
(用户、通行证、邮件、国家、城市、www、信条)
价值观(
“$dataArr[“用户”]。”,
“$dataArr[“pass”]。”,
“$dataArr[“邮件”]。”,
“$dataArr[“国家”]。”,
“$dataArr[“城市”]。”,
“$dataArr[“www”]。”,
“$dataArr[“信条”]”
)
)或死亡(“错误:
”.mysql_Error());
中等改善程度
// Run by each $_POST entry and set it to empty if not found
// Clean the value against tags and blank spaces at the edges
$dataArr = array();
foreach($_POST as $key => $value) {
$dataArr[$key] = ($value == "undefined") ? '' : strip_tags(trim($value));
}
// try to perform the INSERT query or die with the returned mysql error
$query = mysql_query("
INSERT INTO members
(user, pass, mail, country, city, www, credo)
VALUES (
'".$dataArr["user"]."',
'".$dataArr["pass"]."',
'".$dataArr["mail"]."',
'".$dataArr["country"]."',
'".$dataArr["city"]."',
'".$dataArr["www"]."',
'".$dataArr["credo"]."'
)
") or die ("Error:<br/>".mysql_error());
// Run by each $_POST entry and set it to empty if not found
// Clean the value against tags and blank spaces at the edges
$dataArr = array();
foreach($_POST as $key => $value) {
$dataArr[$key] = ($value == "undefined") ? '' : strip_tags(trim($value));
}
// escape everything
$query = sprintf("
INSERT INTO members
(user, pass, mail, country, city, www, credo)
value ('%s', '%s', '%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($dataArr["user"]),
mysql_real_escape_string($dataArr["pass"]),
mysql_real_escape_string($dataArr["mail"]),
mysql_real_escape_string($dataArr["country"]),
mysql_real_escape_string($dataArr["city"]),
mysql_real_escape_string($dataArr["www"]),
mysql_real_escape_string($dataArr["credo"])
);
// try to perform the INSERT query or die with the returned mysql error
$result = mysql_query($query) or die ("Error:<br/>".mysql_error());
//按每个$\u POST条目运行,如果找不到,则将其设置为空
//清除边缘标记和空白处的值
$dataArr=array();
foreach($\发布为$key=>$value){
$dataArr[$key]=($value==“未定义”)?“”:带标签(修剪($value));
}
//逃避一切
$query=sprintf(“
插入成员
(用户、通行证、邮件、国家、城市、www、信条)
值('%s','%s','%s','%s','%s','%s','%s','%s','%s')”,
mysql_real_escape_字符串($dataArr[“user”]),
mysql_real_escape_字符串($dataArr[“pass”]),
mysql_real_escape_字符串($dataArr[“mail”]),
mysql_real_escape_字符串($dataArr[“国家]),
mysql_real_escape_字符串($dataArr[“城市]),
mysql\u real\u escape\u字符串($dataArr[“www”]),
mysql\u real\u escape\u字符串($dataArr[“credo”])
);
//尝试执行INSERT查询,否则返回mysql错误
$result=mysql\u query($query)或die(“错误:
”。mysql\u Error());
高级改进
// Run by each $_POST entry and set it to empty if not found
// Clean the value against tags and blank spaces at the edges
$dataArr = array();
foreach($_POST as $key => $value) {
$dataArr[$key] = ($value == "undefined") ? '' : strip_tags(trim($value));
}
// try to perform the INSERT query or die with the returned mysql error
$query = mysql_query("
INSERT INTO members
(user, pass, mail, country, city, www, credo)
VALUES (
'".$dataArr["user"]."',
'".$dataArr["pass"]."',
'".$dataArr["mail"]."',
'".$dataArr["country"]."',
'".$dataArr["city"]."',
'".$dataArr["www"]."',
'".$dataArr["credo"]."'
)
") or die ("Error:<br/>".mysql_error());
// Run by each $_POST entry and set it to empty if not found
// Clean the value against tags and blank spaces at the edges
$dataArr = array();
foreach($_POST as $key => $value) {
$dataArr[$key] = ($value == "undefined") ? '' : strip_tags(trim($value));
}
// escape everything
$query = sprintf("
INSERT INTO members
(user, pass, mail, country, city, www, credo)
value ('%s', '%s', '%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($dataArr["user"]),
mysql_real_escape_string($dataArr["pass"]),
mysql_real_escape_string($dataArr["mail"]),
mysql_real_escape_string($dataArr["country"]),
mysql_real_escape_string($dataArr["city"]),
mysql_real_escape_string($dataArr["www"]),
mysql_real_escape_string($dataArr["credo"])
);
// try to perform the INSERT query or die with the returned mysql error
$result = mysql_query($query) or die ("Error:<br/>".mysql_error());
如果您正在启动一个新项目,或者您仍然可以改变自己的方式,我强烈建议使用,以防止与当前使用的数据库连接相关的许多安全问题。您的Sql查询是错误的。
这里
你必须改用
$_POST['user']
您正在将值直接插入数据库中。。!!!
这完全是一种错误的感觉。逃走吧
$user = mysql_real_escape_string(trim($_POST['user']));
$pass = mysql_real_escape_string(trim($_POST['pass']));
$mail = mysql_real_escape_string(trim($_POST['mail']));
$country = mysql_real_escape_string(trim($_POST['country']));
$city = mysql_real_escape_string(trim($_POST['city']));
$www = mysql_real_escape_string(trim($_POST['www']));
$credo = mysql_real_escape_string(trim($_POST['credo']));
然后将其插入数据库
$query = mysql_query("INSERT INTO members
(user, pass, mail, country, city, www, credo)
VALUES ($user,$pass, $mail,$country, $city, $www, $credo)")
or die ("Error - Couldn't register user.");
代码现在是安全的,可以插入到数据库中,并且是干净的代码。
或死(“错误-无法注册用户。”.mysql_Error())代码>尝试输出SQL查询,并直接在数据库中运行它。这会告诉你什么不起作用。您还应该考虑远离mysql.*
函数,因为它们已被弃用。此外,此代码可能容易受到SQL注入的攻击。将变量从$\u POST
直接插入查询是危险的。此外,您需要{$\u POST['something']}
而不是'$\u POST[something]
。将任意数据插入SQL并不酷。在任何情况下,你都不应该做这种鲁莽的事情。这将适用于旧版本的PHP,而{$\u POST['something']}将适用于新版本。