PHP查询到数据库失败?

时间:2012-12-17 05:37:28

标签: php mysql sql

我想将数据插入我这样设置的数据库

  • name varchar(35)
  • department varchar(50)
  • rating smallint(6)
  • easyiness smallint(6)
  • textbook varchar(3)
  • 时间戳时间戳
  • course char(10)
  • 曲线char(3)
  • 评论文字

我使用下面这样的查询插入数据,它实际上并没有插入数据库,页面重新加载就是这样。这是print_r()var_dump()的结果。实际查询功能如下。可能是什么问题?我认为它可以是某种类型的文本类型溢出。但我无法弄明白,谢谢你的帮助

print_r()结果:

insert into professor(name,department,rating,easiness,textbook,course,curve,comment)values('Cherry, Mark','HUMANITIES','8','8','yes','PHIL 3311','no','Go to class. He doesn't require it but it will make the difference between an A or a B. It's very difficult to do anything without being in class. He gives all the answers you need so long as you show up. He's a very good teacher and I would recommend him to someone else')

var_dump()结果:

string(424) "insert into professor(name,department,rating,easiness,textbook,course,curve,comment)values('Cherry, Mark','HUMANITIES','8','8','yes','PHIL 3311','no','Go to class. He doesn't require it but it will make the difference between an A or a B. It's very difficult to do anything without being in class. He gives all the answers you need so long as you show up. He's a very good teacher and I would recommend him to someone else')" bool(false)   

这是我的代码:

function processadd()
{
    $name =htmlentities($_POST['prof']);
    $department =htmlentities($_POST['depart']);
    $rating =htmlentities($_POST['Rating']);
    $easy=htmlentities($_POST['Easiness']);
    $textbook =htmlentities($_POST['Book']);
    $course =htmlentities($_POST['course']);
    $curve =htmlentities($_POST['curve']);
    $comment =htmlentities($_POST['comment']);
    if($course == "" || $comment == "")
    {
        print"<div class=error><h3> Empty Fields exist!, please fill out completely</h3></div>";
    }
    else
    {
    $db = adodbConnect();
    $query = "insert into professor(name,department,rating,easiness,textbook,course,curve,comment)values('$name','$department','$rating','$easy','$textbook','$course','$curve','$comment')";
    $result = $db -> Execute($query);
    }
    print_r($query);
    print_r($result);
    print"<br>";
    print"<br>";
    print"<br>";
    var_dump($query);
    var_dump($result);

}

2 个答案:

答案 0 :(得分:0)

您的问题可能出现在评论中。看起来你并没有在整个评论中逃脱。尝试插入此声明:

insert into professor(name,department,rating,easiness,textbook,course,curve,comment)
values('Cherry, Mark','HUMANITIES','8','8','yes','PHIL 3311','no','Go to class. He doesn\'t require it but it will make the difference between an A or a B. It\'s very difficult to do anything without being in class. He gives all the answers you need so long as you show up. He\'s a very good teacher and I would recommend him to someone else');

答案 1 :(得分:0)

虽然您没有指定您收到的错误,但我猜测它与您的查询中的引号无关,特别是(但不限于)comment

例如,样本中的列是:

  

去上课。他不需要它,但它会有所作为   在A或B之间。没有存在就很难做任何事情   在班上。只要你出现,他就会提供你需要的所有答案。   他是一位非常好的老师,我会把他推荐给别人

此文本包含多个单引号,这将破坏您的SQL查询并给您一个错误。

您在每个列的输入上使用htmlentities,但这不会阻止SQL注入;并且,默认情况下,htmlentities也不会转换单引号。

我不知道您的数据库类正在实现什么MySQL库,但您可能想尝试使用库的转义函数。

例如,如果您使用较旧的mysql_功能,请为每个值使用mysql_real_escape_string()代替htmlentities()。另一方面,如果您使用的是更推荐的MySQLiPDO类,请将您的查询转换为预备语句。