我正在尝试在提交数据并插入数据库后显示用户从php程序输入的信息。当我运行它时,我看不到任何结果。我只是得到一个空白页面。我在代码中找不到错误,希望你们能帮助我找到它,所以我可以修复它并继续前进。这只是我的代码的一部分,我想把一些信息插入到我的数据库中,然后显示我插入的内容......
if ( $valid ) {
$lines = file('/home/user/Documents/file.txt');
$uid = trim($lines[0]);
$pw = trim($lines[1]);
$dbserver = trim($lines[2]);
$dbname = trim($lines[3]);
//Connecting to mysql
$link = mysqli_connect($dbserver, $uid, $pw, $dbname);
or die('Could not connect: ' . mysql_error());
//Our SQL Query
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$organization = $_POST['organization'];
$emailaddress = $_POST['emailaddress'];
$phonenumber = $_POST['phonenumber'];
$sql_query = "INSERT INTO table VALUES ('$firstname','$lastname','$organization','$emailaddress','$phonenumber')";
//Run our sql query
$result = mysqli_query($link, $sql_query) or die('query failed'. mysql_error());
// Get all records now in DB
$sql_query = "SELECT * FROM table";
//Run our sql query
$result = mysqli_query($link, $sql_query) or die('query failed'. mysql_error());
//iterate through result printing each record
echo "<br>Names in DB: <br>";
while($row = mysqli_fetch_assoc($result)) {
echo $row['firstname'];
echo $row['lastname'];
echo $row['organization'];
echo $row['emailaddress'];
echo $row['phonenumber'];
echo "<br>";
}
// Free resultset (optional)
mysqli_free_result($result);
//Close the MySQL Link
mysqli_close($link);
}
}
答案 0 :(得分:0)
更改$ sql_query = "INSERT INTO table VALUES $firstname','$lastname','$organization','$emailaddress','$phonenumber')";
到
$sql_query = "INSERT INTO table VALUES ($firstname','$lastname','$organization','$emailaddress','$phonenumber')";
您编写的代码也非常不安全,很容易被SQL注入攻击。
花点时间学习MySQLi或PDO一系列Mysql_ *函数。以下是使用mysqli参数化查询的基本查询:
$ query = $ mysqli-&gt; prepare(“SELECT COLUMN_LIST FROM TABLE WHERE COLUMN =?”); $查询 - &GT; bind_param( 'S',$ UNSAFE_VARIABLE); $查询 - &GT;执行();
答案 1 :(得分:0)
如果您坚持使用过时的mysql函数,那么您正在寻找的是mysqli_insertid我相信它有类似的功能。