Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/241.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php &引用;'中的未知列;字段列表'&引用;_Php_Mysql - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php &引用;'中的未知列;字段列表'&引用;

Php &引用;'中的未知列;字段列表'&引用;

php mysql

Php &引用;'中的未知列;字段列表'&引用;,php,mysql,Php,Mysql,我的php代码中有一个wierd bug,每次我输入一个值,它都会抛出一个错误,说第一个值不存在。。。 我插入数据库的第一个值($from)是错误中的值。 我试图用其他值更改位置,但每次第一个值都有错误。 我的代码有问题吗 <?php $from = $_GET['from']; $to = $_GET['to']; $message = $_GET['message']; $time = new DateTime(); $time = date('Y-m-d H:i:s'); $con

我的php代码中有一个wierd bug,每次我输入一个值,它都会抛出一个错误,说第一个值不存在。。。 我插入数据库的第一个值($from)是错误中的值。 我试图用其他值更改位置,但每次第一个值都有错误。 我的代码有问题吗

<?php 
$from = $_GET['from'];
$to = $_GET['to'];
$message = $_GET['message'];
$time = new DateTime();
$time = date('Y-m-d H:i:s');
$con = mysqli_connect("localhost","root","","encrypchat");
if(mysqli_connect_errno($con))
{
    echo "Failed to connect to MySql: " . mysqli_connect_error();
}
$check="SELECT * FROM `users` WHERE `username` = '$to'";
$rs = mysqli_query($con,$check);
$data = mysqli_fetch_array($rs, MYSQLI_NUM);
echo $data[0];
echo "<br />";
if($data[0] >= 1) {
    echo "<br />"."USER EXISTS";
    $sql="INSERT INTO ".$to."_msgs (`from_user`, `to_user`, `message`,`time`)
    VALUES (`$from`, `$to`, `$message`,`$time`)";

    if (!mysqli_query($con,$sql)) {
        die('Error: ' . mysqli_error($con));
    }
    echo "1 record added";

}
if(!$data[0]){
    echo "<br />"."USER DOESNT EXIST";
}


mysqli_close($con);
?>

尝试删除backtics并在值列表中使用单引号,如


$sql="INSERT INTO ".$to."_msgs (`from_user`, `to_user`, `message`,`time`)
    VALUES ('$from', '$to', '$message','$time')";


它们应该是撇号,而不是表示表名或列名的回号。
确保GET变量中有值

在insert查询内的变量中使用反勾号(`),它应该是单引号(')

在查询中使用变量值之前,先对变量值的字符串进行转义,以避免某些SQL注入

我还建议您使用POST方法,如果您有太多的变量要传递,则不要使用GET方法


<?php 

/* ESTABLISH CONNECTION */

$con = mysqli_connect("localhost","root","","encrypchat");
if(mysqli_connect_errno($con))
{
    echo "Failed to connect to MySql: " . mysqli_connect_error();
}

/* USE MYSQLI_REAL_ESCAPE_STRING IN YOUR VARIABLES */

$from = mysqli_real_escape_string($con,$_GET['from']);
$to = mysqli_real_escape_string($con,$_GET['to']);
$message = mysqli_real_escape_string($con,$_GET['message']);
$time = new DateTime();
$time = date('Y-m-d H:i:s');

$check="SELECT * FROM `users` WHERE `username` = '$to'";
$rs = mysqli_query($con,$check); /* EXECUTE QUERY */

/* YOU CAN ALSO DIRECTLY USE IT TO $data=mysqli_num_rows($rs); AND USE $data IN YOUR CONDITIONS INSTEAD OF $data[0] */
$data = mysqli_fetch_array($rs,MYSQLI_NUM); 
echo $data[0];
echo "<br />";

if($data[0] >= 1) { /* IF A RECORD HAS BEEN FOUND */

    echo "<br />"."USER EXISTS";
    $sql="INSERT INTO ".$to."_msgs (`from_user`, `to_user`, `message`,`time`)
    VALUES ('$from', '$to', '$message','$time')"; /* YOU CAN USE BACKTICKS ON THE COLUMN NAME, BUT NOT FOR THE VARIABLES TO BE INSERTED */

    if (!mysqli_query($con,$sql)) { /* IF QUERY FAILED */
        die('Error: ' . mysqli_error($con));
    }
    echo "1 record added";

}

else if(!$data[0]){ /* MADE IT INTO ELSE IF INSTEAD OF IF ONLY */
    echo "<br />"."USER DOESNT EXIST";
}

mysqli_close($con);

?>



您很容易受到mysql注入攻击。。。使用准备好的语句plz。哦,每个用户都有自己的表?认真地只需使用关系“消息”表请提供数据库创建。您的代码极易受到SQL注入攻击,请学习如何使用准备好的语句。您的URL中是否真的有from和to?@LoganWayne不仅如此,URL中还包含整个消息

<?php 

/* ESTABLISH CONNECTION */

$con = mysqli_connect("localhost","root","","encrypchat");
if(mysqli_connect_errno($con))
{
    echo "Failed to connect to MySql: " . mysqli_connect_error();
}

/* USE MYSQLI_REAL_ESCAPE_STRING IN YOUR VARIABLES */

$from = mysqli_real_escape_string($con,$_GET['from']);
$to = mysqli_real_escape_string($con,$_GET['to']);
$message = mysqli_real_escape_string($con,$_GET['message']);
$time = new DateTime();
$time = date('Y-m-d H:i:s');

$check="SELECT * FROM `users` WHERE `username` = '$to'";
$rs = mysqli_query($con,$check); /* EXECUTE QUERY */

/* YOU CAN ALSO DIRECTLY USE IT TO $data=mysqli_num_rows($rs); AND USE $data IN YOUR CONDITIONS INSTEAD OF $data[0] */
$data = mysqli_fetch_array($rs,MYSQLI_NUM); 
echo $data[0];
echo "<br />";

if($data[0] >= 1) { /* IF A RECORD HAS BEEN FOUND */

    echo "<br />"."USER EXISTS";
    $sql="INSERT INTO ".$to."_msgs (`from_user`, `to_user`, `message`,`time`)
    VALUES ('$from', '$to', '$message','$time')"; /* YOU CAN USE BACKTICKS ON THE COLUMN NAME, BUT NOT FOR THE VARIABLES TO BE INSERTED */

    if (!mysqli_query($con,$sql)) { /* IF QUERY FAILED */
        die('Error: ' . mysqli_error($con));
    }
    echo "1 record added";

}

else if(!$data[0]){ /* MADE IT INTO ELSE IF INSTEAD OF IF ONLY */
    echo "<br />"."USER DOESNT EXIST";
}

mysqli_close($con);

?>