Php 插入mysql数据库不工作
我正在尝试做一些非常简单的事情。我只想在MySQL中插入信息 下面是表单的代码Php 插入mysql数据库不工作,php,mysql,database,insertion,Php,Mysql,Database,Insertion,我正在尝试做一些非常简单的事情。我只想在MySQL中插入信息 下面是表单的代码 <?php $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name // Connect to server and select database.
<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// get value of id that sent from address bar
$dj=$_GET['dj'];
// Retrieve data from database
$sql="SELECT * FROM $tbl_name WHERE dj='$dj'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
?>
<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<form name="form1" method="post" action="insert_ac.php">
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">
<tr>
<td> </td>
<td colspan="3"><strong>Insert The information for the Now PlayingProgram.</strong>
</td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"> </td>
<td align="center"> </td>
<td align="center"> </td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"><strong>Name</strong></td>
<td align="center"><strong>Email</strong></td>
<td align="center"><strong>Email2</strong></td>
</tr>
<tr>
<td> </td>
<td align="center">
<input name="name" type="text" id="name" value="">
</td>
<td align="center">
<input name="email" type="text" id="email" value="" size="15">
</td>
<td>
<input name="email2" type="text" id="email2" value="" size="15">
</td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"><strong>Twitter</strong></td>
<td align="center"><strong>Twitter2</strong></td>
<td align="center"><strong>Avatar</strong></td>
</tr>
<tr>
<td> </td>
<td align="center">
<input name="twitter" type="text" id="twitter" value="">
</td>
<td align="center">
<input name="twitter2" type="text" id="twitter2" value="" size="15">
</td>
<td>
<input name="avatar" type="text" id="avatar" value="" size="15">
</td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"><strong>Facebook</strong></td>
<td align="center"><strong>Facebook2</strong></td>
<td align="center"><strong>Type</strong></td>
</tr>
<tr>
<td> </td>
<td align="center">
<input name="facebook" type="text" id="facebook" value="">
</td>
<td align="center">
<input name="facebook2" type="text" id="facebook2" value="" size="15">
</td>
<td>
<input name="type" type="text" id="type" value="" size="15">
</td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"><strong>Alias1</strong></td>
<td align="center"><strong>Alias2</strong></td>
<td align="center"><strong>Alias3</strong></td>
</tr>
<tr>
<td> </td>
<td align="center">
<input name="alias1" type="text" id="alias1" value="">
</td>
<td align="center">
<input name="alias2" type="text" id="alias2" value="" size="15">
</td>
<td>
<input name="alias3" type="text" id="alias3" value="" size="15">
</td>
</tr>
<tr>
<td align="center"> </td>
<td colspan="3" align="center"><strong>Request Line</strong></td>
</tr>
<tr>
<td> </td>
<td colspan="3" align="center">
<input name="address" type="text" id="address" value="" size="65">
</td>
</tr>
<tr>
<td> </td>
<td>
<input name="dj" type="hidden" id="dj" value="">
</td>
<td align="center">
<input type="submit" name="Submit" value="Submit">
</td>
<td> </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
// close connection
mysql_close();
?>
列名name
和type
需要打勾,因为它们是MySQL中的保留名称
将$sql=
行更新为以下代码:
$sql = "INSERT INTO $tbl_name (`name`, email, email2, twitter, twitter2, avatar, facebook, facebook2, `type`, alias1, alias2, alias3, address, dj) VALUES (
'".mysql_real_escape_string($_POST['name'])."',
'".mysql_real_escape_string($_POST['email'])."',
'".mysql_real_escape_string($_POST['email2'])."',
'".mysql_real_escape_string($_POST['twitter'])."',
'".mysql_real_escape_string($_POST['twitter2'])."',
'".mysql_real_escape_string($_POST['avatar'])."',
'".mysql_real_escape_string($_POST['facebook'])."',
'".mysql_real_escape_string($_POST['facebook2'])."',
'".mysql_real_escape_string($_POST['type'])."',
'".mysql_real_escape_string($_POST['alias1'])."',
'".mysql_real_escape_string($_POST['alias2'])."',
'".mysql_real_escape_string($_POST['alias3'])."',
'".mysql_real_escape_string($_POST['address'])."',
'".mysql_real_escape_string($_POST['dj'])."')";
编辑:添加了一些SQL输入清理可能是因为您的变量$tbl_name
始终为空。出于安全原因,我删除了该信息。请检查是否所有这些字段名称、电子邮件、email2、twitter、twitter、twitter、avatar、facebook、facebook2、类型、别名1、别名2、别名3、地址,dj
存在于表中$tbl\u name
若要查找错误,请尝试使用mysql\u errno()
和mysql\u error()
并告诉我们mysql返回的错误是什么“$host”
?Cargo cult编程…很抱歉,这并没有解决我的问题。不过,这很容易受到SQL注入的影响。当你这样做的时候,你可以纠正这个错误。我在insert语句中添加了一些净化措施。好的,我也尝试了,但仍然没有成功尝试回显$sql
,并运行诸如mysql workbench之类的编辑器,这样你就可以确切地看到发生了什么错误以及sql语句中的位置。
$sql = "INSERT INTO $tbl_name (`name`, email, email2, twitter, twitter2, avatar, facebook, facebook2, `type`, alias1, alias2, alias3, address, dj) VALUES (
'".mysql_real_escape_string($_POST['name'])."',
'".mysql_real_escape_string($_POST['email'])."',
'".mysql_real_escape_string($_POST['email2'])."',
'".mysql_real_escape_string($_POST['twitter'])."',
'".mysql_real_escape_string($_POST['twitter2'])."',
'".mysql_real_escape_string($_POST['avatar'])."',
'".mysql_real_escape_string($_POST['facebook'])."',
'".mysql_real_escape_string($_POST['facebook2'])."',
'".mysql_real_escape_string($_POST['type'])."',
'".mysql_real_escape_string($_POST['alias1'])."',
'".mysql_real_escape_string($_POST['alias2'])."',
'".mysql_real_escape_string($_POST['alias3'])."',
'".mysql_real_escape_string($_POST['address'])."',
'".mysql_real_escape_string($_POST['dj'])."')";