Mysql查询麻烦:上传

时间:2012-09-08 21:37:05

标签: php mysql forms insert

我正在尝试最后一小时解决这个问题。我有一个很长的表单,我正在尝试将信息上传到mysql数据库。进入我做的表。这是我正在使用的mysql查询:

mysql_query("INSERT INTO `users_temp`(`first_name`, `surname`, `birthday`, `nationality`, `email`, `mobile`, `landline`, `address`, `town`, `post_code`, `country`, `password`, `code_conf`) VALUES ([$f_name],[$s_name],[$bday],[$nationality],[$email],[$mobile],[$landline],[$address],[$town],[$post_code],[$country],[$pass],[$conf_code])");

如果有人发现任何问题,为什么它不起作用请告诉我。谢谢...... 

$f_name         = $_POST["f_name"];
$s_name         = $_POST["s_name"];
$pass           = $_POST["pass"];
$birthday       = $_POST["bday"];
$nationality    = $_POST["nationality"];
$email          = $_POST["email"];
$mobile         = $_POST["mobile"];
$landline       = $_POST["landline"];
$address        = $_POST["address"];
$town           = $_POST["town"];
$post_code      = $_POST["post_code"];
$country        = $_POST["country"];

$conf_code      = substr(md5(uniqid(rand(), true)), 1, 70);

include("connect_into_mysql.php");
mysql_select_db("jzperson_edu", $conn);

$res_01 = mysql_query("SELECT * FROM users WHERE email='$email'");
$count_01 = mysql_num_rows($res_01);

if($count_01==0)
{
mysql_query("INSERT INTO users_temp ('first_name','surname','birthday','nationality','email','mobile','landline','address','town','post_code','country','password','code_conf') VALUES ('$f_name','$s_name','$bday','$nationality','$email','$mobile','$landline','$address','$town','$post_code','$country','$pass','$conf_code')");
header("Location: home.php");
}else{echo "This email is already registered. If you lost your password you can reset it here.";}

1 个答案:

答案 0 :(得分:1)

1 /您必须了解SQL注入:请read this article。使用mysql_real_escape_string封装所有$ _POST数据,例如:

$f_name         = mysql_real_escape_string($_POST["f_name"]);

2 / MySQL将很快弃用,请参阅红色框here

3 /在所有标题之后,放一个die()(否则,执行代码一直持续到结束,如果客户端的brwoser重定向被禁用,他可能会看到一些未经授权的内容)。

4 /不要在一行中写很长的请求,这可以避免麻烦并使工作更容易。要调试它,在末尾添加一个“or die(mysql_error())”,它将显示一条消息,帮助您获得解决方案。

mysql_query("
INSERT INTO users_temp (
    'first_name','surname','birthday',
    'nationality','email','mobile',
    'landline','address','town',
    'post_code','country','password',
    'code_conf'
) VALUES (
    '$f_name','$s_name','$bday',
    '$nationality','$email','$mobile',
    '$landline','$address','$town',
    '$post_code','$country','$pass',
    '$conf_code'
)
") or die(mysql_error());

顺便说一句,您正在检查用户表并插入user_tmp表。你可能会以这种方式遇到冲突麻烦吗?

相关问题
最新问题