php未将信息写入数据库
试试这个, 首先回显您的查询并将此查询运行到数据库php未将信息写入数据库,php,mysql,database,Php,Mysql,Database,试试这个, 首先回显您的查询并将此查询运行到数据库 <?php $email = $_POST['email']; $first = $_POST['first']; $last = $_POST['last']; $business = $_POST['business']; $home = $_POST['home']; $cell = $_P
<?php
$email = $_POST['email'];
$first = $_POST['first'];
$last = $_POST['last'];
$business = $_POST['business'];
$home = $_POST['home'];
$cell = $_POST['cell'];
$street = $_POST['street'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$system = $_POST['system'];
$cameras = $_POST['cameras'];
$hdd = $_POST['hdd'];
if(isset($_POST['submit']))
{
$connect = mysql_connect('localhost','rebeler_customer','callaway87');
mysql_select_db("rebeler_customers");
mysql_real_escape_string($first);
$last = mysql_real_escape_string($last);
$business = mysql_real_escape_string($business);
$home = mysql_real_escape_string($home);
$cell = mysql_real_escape_string($cell);
$email = mysql_real_escape_string($email);
$street = mysql_real_escape_string($street);
$city = mysql_real_escape_string($city);
$state = mysql_real_escape_string($state);
$zip = mysql_real_escape_string($zip);
$system = mysql_real_escape_string($system);
$cameras = mysql_real_escape_string($cameras);
$hdd = mysql_real_escape_string($hdd);
$query = mysql_query("INSERT INTO `customers`(`email`,`firstname`,`lastname`, `businessname`,`homephone`, `cellphone`,`street`, `city`,`state`, `zip`,`system`, `cameras`, `hdd`) VALUES ('$email','$first','$last','$business','$home','$cell','$street','$city','$state','$zip','$system','$cameras','$hdd')");
}
?>
请不要使用
mysql\uuz
生成新代码。整套函数都已弃用,并可能导致代码不安全(请注意巨大的红色通知:)
相反,使用PDO。下面是一个使用PDO的代码示例。必须提供数据库用户名、密码和数据库名称
$query = "INSERT INTO `customers`(`email`,`firstname`,`lastname`, `businessname`,`homephone`, `cellphone`,`street`, `city`,`state`, `zip`,`system`, `cameras`, `hdd`) VALUES ('$email','$first','$last','$business','$home','$cell','$street','$city','$state','$zip','$system','$cameras','$hdd')";
echo $query;
//$result =mysql_query($query);
-PDO
-PDO::准备
-PDOStatement::execute
-PDO::errorInfo
-PDO::lastInsertId
调试时,它以什么方式失败?在mysql\u error()中有什么有用的东西吗?在PHP错误日志中?您正在使用并且应该使用。是否可以打印mysql_error()?错误日志中的query.nothing的值,当我使用e_all&Strict在xampp中运行它时,我得到了一大堆未定义的变量通知,这一个…警告:mysql_fetch_assoc()希望参数1是resource,布尔值在C:\xampp\htdocs\new_submit.php行中给出6@MosesBolton-你在哪里调用
mysql\u fetch\u assoc()
?上面给出的代码中没有,这对于sql注入是完全开放的。另外,您可以使用array\u键
,array\u值
,以及内爆
在更少的行中完成同样的事情。您应该尝试解决所提出的问题。@TrippyD否决票不是为了表示您不赞成该方法。这是一个技术上准确的答案,它确实解决了这个问题,因为考虑到问题的细节,代码是按书面形式工作的。
// note: untested code follows
if(isset($_POST['submit'])) {
$pdo = new PDO('mysql:host='.$host.';dbname='.$db_name, $db_username, $db_password);
$statement = $pdo->prepare('
INSERT INTO `customers`(
`email`,
`firstname`,
`lastname`,
`businessname`,
`homephone`,
`cellphone`,
`street`,
`city`,
`state`,
`zip`,
`system`,
`cameras`,
`hdd`
) VALUES (
:email,
:firstname,
:lastname,
:businessname,
:homephone,
:cellphone,
:street,
:city,
:state,
:zip,
:system,
:cameras,
:hdd
)
');
$result->execute(array(
'email'=>$_POST['email'],
'firstname'=>$_POST['first'],
'lastname'=>$_POST['last'],
'businessname'=>$_POST['business'],
'homephone'=>$_POST['home'],
'cellphone'=>$_POST['cell'],
'street'=>$_POST['street'],
'city'=>$_POST['city'],
'state'=>$_POST['state'],
'zip'=>$_POST['zip'],
'system'=>$_POST['system'],
'cameras'=>$_POST['cameras'],
'hdd'=>$_POST['hdd']
));
$customer_id = $pdo->lastInsertId();
if (!result || !$customer_id) {
var_dump($pdo->errorInfo());
die('something went wrong'); // do something better to handle errors!
}
}
if (isset($_POST['submit'])) {
try {
$connect = mysql_connect('localhost','rebeler_customer','callaway87');
mysql_select_db("rebeler_customers");
$fields = "email,first,last,business,home,cell,street,city,state,zip,system,cameras,hdd";
$sql_header = '';
$sql_values = '';
$glue = '';
array_filter(
explode(',', $fields),
function ($field) use (& $sql_header, & $sql_values, & $glue) {
$sql_header .= $glue . '`' . $field . '`';
$sql_values .= $glue . "'" . mysql_real_escape_string($_POST[$field]) . "'";
$glue = ',';
}
);
$sql = "INSERT INTO `customers`($sql_header) VALUES ($sql_values)";
$query = mysql_query($sql);
} catch(Exception $e) {
echo 'Error in line ' . $e->getLine() . ': ' . $e->getMessage();
}
}