*下面发布的固定代码供参考(代码的第二部分首先没有)
旧帖子 不工作,我整个周末都在努力。我在数据库中获取的数据不是表单中的值。
我收到以下错误,
解析错误:语法错误,第51行/ Users / hunterjamesnelson / Sites / 290Website / Back end / p5services-backend / test.php中的意外'INTO'(T_STRING)
这是指这一行...
$sql=INSERT INTO user(first-name,last-name,email) VALUES(isset($_POST['firstname']), isset($_POST['lasttname']), isset($_POST['email']));}
我怀疑这些问题与我如何使用引号有关,但不是看起来我似乎已经尝试了所有逻辑位置,现在我就离开了。
以下是所有代码......
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<h1>test</h1>
<form action="test.php" method="post">
FirstName:<input type="text" name"firstname"> <br>
LastName:<input type="text" name"lasttname"> <br>
Email:<input type="text" name"email"> <br>
<!-- UserName:<input type="text" name"username"> <br>
Phone:<input type="text" name"phone"> <br> -->
<input type="submit" value="Submit" name="submit" />
</form>
</body>
</html>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "p5services";
// Create connection
$dbc = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$dbc) {
die("Connection failed: " . mysqli_connect_error());
}
// form VALUES
// $Fname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
// $Lname = isset($_POST['lasttname']) ? $_POST['lasttname'] : '';
// $email = isset($_POST['email']) ? $_POST['email'] : '';
if (isset($_POST['submit'])) {
$sql=INSERT INTO user(first-name,last-name,email) VALUES(isset($_POST['firstname']), isset($_POST['lasttname']), isset($_POST['email']));}
if (mysqli_query($dbc, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($dbc);
}
mysqli_close($dbc);
结束旧帖子
*这是我最终使用它的作品,也许它会帮助一些人......
用户名:<!-- start signup submit -->
<?php
include '_include/php/mysqli_connect.php';
if (isset($_POST['submit_login'])) {
//set up session if the form was posted
if($_SERVER['REQUEST_METHOD']=="POST") {
$un = $_POST['username'];
$pass = $_POST['password'];
if(isset($un, $pass)) {
$q = "SELECT * FROM user WHERE user_name='$un' AND pass='$pass' LIMIT 1";
$r = mysqli_query($dbc, $q);
if(mysqli_num_rows($r) == 1) {
$row = mysqli_fetch_assoc($r);
$_SESSION["loggedin"] = 1;
$_SESSION["user_id"] = $row['user_id'];
$_SESSION["username"] = $row['user_name'];
$_SESSION["first_name"] = $row['first_name'];
$_SESSION["roll"] = $row['roll_id'];
$loggedin = 1;
$user_id = $_SESSION['user_id'];
$username = $_SESSION['username'];
echo "Valid entery!";
} else {
$loginerror = "Invalid Username/Password Combination";
echo $loginerror;
}
} else {
session_destroy();
$loginerror = "Username/Password field was empty";
echo "else2";
}
}
} //end if submit_login
?>
<!-- end signup submit -->
答案 0 :(得分:4)
正如@Sven B指出的那样,你错过了引号。但是还有更多应该继续下去的事情。
开发环境应始终启用错误报告。最简单的方法是:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
接下来,当您接受用户输入时,这会使您容易受到SQL Injection的攻击。为了解决这个问题,我们将使用准备好的语句。此外,我们会检查这些值是否最初设置,因此我们不必担心人们在数据库中使用空值插入多行(如果您的列接受空值)
if(isset($_POST['firstname'], $_POST['lastname'], $_POST['email'])):
$dbc = new mysqli('host', 'user', 'pass', 'db');
$dbc->prepare("insert into user(`first-name`,`last-name`,email) VALUES(?,?,?)");
$dbc->bind_param('sss', $_POST['firstname'], $_POST['lastname'], $_POST['email']);
$dbc->execute();
endif;
这样可以防止SQL注入,并且还可以确保您不会在数据库中插入一堆已删除的行。
您还会注意到包含连字符的列名称周围的反引号。根据您的列名称,这是必要的。
答案 1 :(得分:1)
你有2个错误,首先,你必须在查询中添加引号。其次,当你将它发送到数据库时,你不应该使用isset(),因为如果存在变量,isset只返回TRUE和FALSE(布尔值)。试试:
if ( isset($_POST['submit']) ) {
// protect against SQL injection
$firstname = mysqli_real_escape($dbc, $_POST['firstname']);
$lastname = mysqli_real_escape($dbc, $_POST['lastname']);
$email = mysqli_real_escape($dbc, $_POST['email']);
$sql= "INSERT INTO user(first-name,last-name,email) VALUES('$firstname', '$lastname', '$email')");
}
答案 2 :(得分:0)
您需要将查询放入&#34; &#34;你有一个
像这样:$sql= "INSERT INTO user(first-name,last-name,email) VALUES($_POST['firstname'], $_POST['lasttname'],$_POST['email'])";
另外,我真的建议使用这样的预备语句:
$sql = $dbc->prepare("INSERT INTO user(first-name,last-name,email) VALUES(?,?,?)");
$sql->bind_param('sss', $_POST['firstname'],$_POST['lastname'],$_POST['email']);
$sql->execute();