为什么电子邮件值存储为mysql数据库中的%email?

时间:2013-07-25 17:00:10

标签: php html mysql

我在制作项目时很新,所以请不要介意。我使用php,html,css创建了一个代码,将一些数据存储到mysql数据库中。一切都很好,但电子邮件值存储为数据库中的%email。请有人帮帮我。

电子邮件字段的HTML代码:

<div class="row">
        <div class="label">Email Id</div>
        <div class="inputaddr">
            <input type="text" id="email" required="required" class="detail" name="email"/>
        </div>
        <div class="label">Category</div>
        <div class="inputmobile">
            <input type="text" id="category" required="required" class="shortdetail" name="category"/>
        </div>                  
    </div> <!-- end of 5th row -->

.php文件:

<?php
$conn = mysql_connect("localhost", "root", "");
$db = mysql_select_db('ssitdashboard', $conn) or die(mysql_error());

if(isset($_REQUEST['submit'])){
    $fullname = $_POST['fullname'];
    $fname = $_POST['fname'];
    $mname = $_POST['mname'];
    $raddr = $_POST['raddr'];
    $laddr = $_POST['laddr'];
    $email = $_POST['email'];
    $sex = $_POST['sex'];
    $dob = $_POST['dob'];
    $bloodgroup = $_POST['bloodgroup'];
    $mobile = $_POST['mobile'];
    $rmobile = $_POST['rmobile'];
    $category = $_POST['category'];
    $usn = $_POST['usn'];
    $branch = $_POST['branch'];
    $sem = $_POST['sem'];
    $eca = $_POST['eca'];
    $year = $_POST['years'];
    $quota = $_POST['quota'];

    $que = "INSERT INTO personal_details(name, fname, mname, raddr, laddr, email, sex, dob, blood_group, mobile, rmobile, category, usn, branch, sem, eca, year, quota) VALUES ('$fullname', '$fname', '$mname', '$raddr', '$laddr', '%email', '$sex', '$dob', '$bloodgroup', '$mobile', '$rmobile', '$category', '$usn', '$branch', '$sem', '$eca', '$year', '$quota')";
    if(mysql_query($que)){
//          echo "<script>alert('You have registered successfully')</script>";
//          echo "<script>window.open('http://www.ssit.edu.in')</script>";  
        header("Location:thankyou.html");
        exit;

    }

}

?>

在数据库中,电子邮件字段被视为varchar(30)

3 个答案:

答案 0 :(得分:2)

您的查询中有一个拼写错误,%email您想要$email

话虽这么说,你应该删除所有这段代码并将其替换为没有巨大的SQL注入错误的东西。您必须对插入的每个mysql_real_escape_string值使用$_POST,或者您应该使用PDO。

如果您有参数化查询,这样的错误要难得多。 PDO中的一个例子是:

# Using named data placeholders here
$pdo->prepare(
  "INSERT INTO personal_details(name, fname, mname, raddr, laddr,
    email, sex, dob, blood_group, mobile, rmobile, category, usn,
    branch, sem, eca, year, quota)
  VALUES (:fullname, :fname, :mname, :raddr, :laddr,
    :email, :sex, :dob, :bloodgroup, :mobile, :rmobile, :category, :usn,
    :branch, :sem, :eca, :year, :quota)";

# When executing you specify the data to be used. The same prepared statement can be
# executed many times with different data.
$pdo->execute(array('fullname' => $_POST['fullname'], 'fname' => $_POST['fname'], ...));

答案 1 :(得分:1)

尝试在SQL语句中将%email更改为$email

但是,另外,请查看PDO,因为此实现容易受到SQL注入攻击。

要详细说明PDO实现,您可以针对您的情况执行类似的操作:

$username = "root";
$password = "";
$host = "localhost";
$dbname = "ssitdashboard";

$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');

try{
   $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
}catch(PDOException $ex){
   die("Failed to connect: ".$ex->getMessage());
}

现在您有一个存储在$db中的PDO连接,您可以通过该连接进行查询。如果您不使用PHP 5.4,则可能需要考虑magic quotes,因此请记住这一点。

否则,像这样创建查询语句.. 

$query = "INSERT INTO personal_details ( name, fname, mname, raddr, laddr, email, sex, dob, blood_group, mobile, rmobile, category, usn, branch, sem, eca, year, quota ) VALUES ( :name, :fname, :mname, :raddr, :laddr, :email, :sex, :dob, :blood_group, :mobile, :rmobile, :category, :usn, :branch, :sem, :eca, :year, :quota )"

之后,您希望将$_POST变量中的值绑定到前面有:的参数(例如:name)。你是这样做的:

$query_params = array( ':name' => $_POST['fullname'], ':fname' => $_POST['fname'], ':mname' => $_POST['mname'], ':raddr' => $_POST['raddr'], ':laddr' => $_POST['laddr'], ':email' => $_POST['email'], ':sex' => $_POST['sex'], ':dob' => $_POST['dob'], ':blood_group' => $_POST['bloodgroup'], ':mobile' => $_POST['mobile'], ':rmobile' => $_POST['rmobile'], ':category' => $_POST['category'], ':usn' => $_POST['usn'], ':branch' => $_POST['branch'], ':sem' => $_POST['sem'], ':eca' => $_POST['eca'], ':year' => $_POST['years'], ':quota' => $_POST['quota']);

最后,既然您已经拥有了语句和参数,请使用先前创建的$db变量来准备和执行语句。

$statement = $db->prepare($query);
$result = $statement->execute($query_params);

由于我们只是将INSERT变量放入数据库,因此应该只需要它。如果你是SELECT数据,你可以在完成上述操作后做同样的事情...... 

$rows = $statement->fetchAll();

现在,您可以使用foreach语句引用数据库表的每个$row中的列标题。

$bloodArray = array();
foreach($rows as $row){
   if(isset($row['blood_group'])){
       $bloodArray[] = $row['blood_group'];
   }
}

希望有所帮助,抱歉延迟!

答案 2 :(得分:1)

错误是我在查询中使用了%email ...

相关问题
最新问题