为什么数据不会存储在我的数据库中?错误提示“您的SQL语法中有错误; ...”

时间:2013-03-25 16:38:56

标签: php mysql xampp

对不起我是php的新手,所以请耐心等待我。我正在创建一个用户界面,当我注册它时说我已注册但它没有将数据存储到数据库中。此外,每当我注册时,它都会出现错误“您的SQL语法出错;请查看与您的MySQL服务器版本对应的手册,以便在第1行的'testing101''附近使用正确的语法。”有人可以帮助我!

   <?PHP

$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;

function quote_smart($value, $handle) {

   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }
   return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){


    $uname = $_POST['username'];
    $pword = $_POST['password'];

    $uname = htmlspecialchars($uname);
    $pword = htmlspecialchars($pword);


    $uLength = strlen($uname);
    $pLength = strlen($pword);

    if ($uLength >= 10 && $uLength <= 20) {
        $errorMessage = "";
    }
    else {
        $errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
    }

    if ($pLength >= 8 && $pLength <= 16) {
        $errorMessage = "";
    }
    else {
        $errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
    }


    if ($errorMessage == "") {

    $user_name = "root";
    $pass_word = "";
    $database = "user authentication";
    $server = "127.0.0.1";

    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);

    if ($db_found) {

        $uname = quote_smart($uname, $db_handle);
        $pword = quote_smart($pword, $db_handle);




        $SQL = "SELECT * FROM login WHERE USERNAME = '".$uname."'";
        $result = mysql_query($SQL)or die(mysql_error());
        $num_rows = mysql_num_rows($result);

        if ($num_rows > 0) {
            $errorMessage = "Username already taken";
        }

        else {


    $SQL = "INSERT INTO login (USERNAME, PASSWORD) VALUES ('{$uname}', MD5('{$pword}'))"; 
            $result = mysql_query($SQL);

            mysql_close($db_handle);

        //=================================================================================
        //  START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
        //  SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
        //=================================================================================

            session_start();
            $_SESSION['login'] = "1";

            header ("Location: page1.php");

        }

    }
    else {
        $errorMessage = "Database Not Found";
    }




    }

}


?>

    <html>
    <head>
    <title>Basic Login Script</title>


    </head>
    <body>


<FORM NAME ="form1" METHOD ="POST" ACTION ="signup.php">

Username: <INPUT TYPE = 'TEXT' Name ='username'  value="<?PHP print $uname;?>" maxlength="20">
Password: <INPUT TYPE = 'TEXT' Name ='password'  value="<?PHP print $pword;?>" maxlength="16">

<P>
<INPUT TYPE = "Submit" Name = "Submit1"  VALUE = "Register">


</FORM>
<P>

<?PHP print $errorMessage;?>

    </body>
    </html>

1 个答案:

答案 0 :(得分:2)

你是在引用你的文字:

smart_quote()函数中添加了一组引号 在实际查询中添加了一组引号,因此您正在制作:

INSERT .... VALUES (''$uname'', ''$password'');

如果您对查询调用进行了正确的错误处理,那么您已经看到了这一点:

$result = mysql_query($sql) or die(mysql_error());
                           ^^^^^^^^^^^^^^^^^^^^^^
相关问题
最新问题