Php 请有人解释一下为什么我会收到下面的错误信息?
使用mysqli会更安全、更好 第一个连接:$db=mysqli_连接‘主机’、‘用户’、‘密码’、‘数据库’ 接下来,我们将提出我们的问题:Php 请有人解释一下为什么我会收到下面的错误信息?,php,mysql,Php,Mysql,使用mysqli会更安全、更好 第一个连接:$db=mysqli_连接‘主机’、‘用户’、‘密码’、‘数据库’ 接下来,我们将提出我们的问题: $check_day = "select * from timetable where day ='$day'"; $run = mysql_query($check_day); if(mysql_num_rows($run) > 0) { echo "<script>alert('day $day a
$check_day = "select * from timetable where day ='$day'";
$run = mysql_query($check_day);
if(mysql_num_rows($run) > 0) {
echo "<script>alert('day $day already exists in our database, please try another one!')</script>";
exit();
}
$query = "insert into timetable (classes, courses, lecturers, time, room, day) values ('$classes','$courses','$lecturers','$time','$room','$day')";
if (mysql_query($query)) {
echo "<script>alert('Registration Successful!')</script>";
}
}
现在添加了查询,您可以提供额外的操作:
$query = "insert into timetable (classes, courses, lecturers, time, room, day) values ('$classes','$courses','$lecturers','$time','$room','$day')";
$result = mysqli_query($db, $query);
您正在使用过时的PHP/MySQL函数 使用新的mysqli_*函数,因为它们更加安全和更新
我希望这对你有帮助你犯了什么错误?说。即使是这样也不安全!SQL注入!这不再只是早餐了!请已在PHP7中删除。了解有关使用PDO的语句,并考虑使用.@ Felixn,您的代码可以用SQL注入进行黑客攻击,不这样写代码@ JohnConde:保留字是什么?时间和日期是关键字,但不保留。
//Your extra code here
/* As I read all the previous comments and find out that you are using old SQL query. which is a bad practice. */
# Note: Please read what is mysqli, why we use mysqli
# I have correct your query
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$check_day = "SELECT * FROM timetable WHERE day ='".$day."'";
$run = mysqli_query($conn,$check_day);
if(mysqli_num_rows($run) >0) {
echo "<script>alert('day $day already exists in our database, please try another one!')</script>";
exit();
}else{
$query = "INSERT INTO timetable (`classes`, `courses`, `lecturers`, `time`, `room`, `day`) VALUES ('".$classes."','".$courses."','".$lecturers."','".$time."','".$room."','".$day."')";
if(mysqli_query($conn,$query)){
echo "<script>alert('Registration Successful!')</script>";
}
}