This is a code snippet with some parts commented out. If I send a case using all literal text (instead of variables) it seems to work, but when I throw in ".$uid." and the others it doesn't work. I keep checking the database after each run.
<?php // working name and pics
if ($user) {
    echo "Hello test";
    $arrayOfFriends = $facebook->api('/me/friends');
    foreach ($arrayOfFriends['data'] as $value) {
        $uid = $value['id'];
        $name = $value['name'];
        echo $name;
        //create the url
        $profile_pic = "http://graph.facebook.com/".$uid."/picture?type=large";
        //echo the image out
        echo "<img src=\"" . $profile_pic . "\" />";
        echo "<br>";
        //put uid, name, and link to pic in data base
        // Check connection
        if (mysqli_connect_errno())
        {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
        } else {
            echo "MySQL connects" ;
        }
        //$command = "INSERT INTO `peoplestorage` ( `ID` , `UID` , `name` , `piclink` , `scoop1` , `scoop2` , `scoop3` ) VALUES ( '' ,".$uid.",".$name.",".$profile_pic.",'','','')";
        //$command = "INSERT INTO `peoplestorage` ( `ID` , `UID` , `name` , `piclink` , `scoop1` , `scoop2` , `scoop3` ) VALUES ('' , '444567', 'hoop22', 'link to poictiure ', 'hero', 'big ol', '')";
        //echo $command;
        mysqli_query($link, "INSERT INTO `peoplestorage` ( `ID` , `UID` , `name` , `piclink` , `scoop1` , `scoop2` , `scoop3` ) VALUES ( '' ,".$uid.",".$name.",".$profile_pic.",'','','')");
    }
    //testing inputting data
    //$result = mysqli_query($link, "SELECT * FROM `peoplestorage` LIMIT 0 , 30");
    //while($row = mysqli_fetch_array($result))
    //{
    //echo $row['ID'] . " " . $row['name'];
    //echo "<br>";
    //}
}
?>
Answer 0 (score: 1)
You should look into parameterized queries, which would negate this problem.
Your problem stems from the fact that you are not quoting the variable strings.
mysqli_query($link, "INSERT INTO `peoplestorage` ( `ID` , `UID` , `name` , `piclink` , `scoop1` , `scoop2` , `scoop3` ) VALUES ( '' ,'".$uid."','".$name."','".$profile_pic."','','','')");
Answer 1 (score: 0)
Use prepared statements; it is cleaner and also prevents SQL injection:
$query = "INSERT INTO `peoplestorage` ( `ID` , `UID` , `name` , `piclink` , `scoop1` , `scoop2` , `scoop3` ) VALUES ('',?,?,?,'','','')";
$stmt = $link->prepare($query);
$stmt->bind_param('iss', $uid, $name, $profile_pic);
$stmt->execute();
$stmt->close();
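To see why answer 0's quoting only partly fixes the question's INSERT and why answer 1's prepared statement is the real fix, here is an added example (not code from the question or either answer) that runs the three variants against an in-memory SQLite database through PDO, so it needs no MySQL server; the table, the friend record and the name "Pat O'Brien" are constructed for the demo, and the same prepare/bind pattern applies to mysqli's `$link->prepare()` / `bind_param()`.

```php
<?php
// Added example, not the question's or answers' code. PDO + SQLite is used
// only so it runs offline; the prepare/bind idea is the same as mysqli.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE peoplestorage (ID INTEGER PRIMARY KEY, UID TEXT, name TEXT, piclink TEXT)");

// Constructed friend record. The apostrophe is ordinary data, not an attack,
// yet it is enough to break any query built by string concatenation.
$uid = '444567';
$name = "Pat O'Brien";
$profile_pic = "http://graph.facebook.com/" . $uid . "/picture?type=large";

function tryInsert(PDO $db, string $label, callable $insert): bool {
    try {
        $insert();
        echo "$label: OK\n";
        return true;
    } catch (PDOException $e) {
        echo "$label: FAILED - " . $e->getMessage() . "\n";
        return false;
    }
}

// 1. Unquoted interpolation, as in the question: name and URL land in the SQL
//    as bare tokens, so the statement is a syntax error for every friend.
tryInsert($db, 'unquoted concat', function () use ($db, $uid, $name, $profile_pic) {
    $db->exec("INSERT INTO peoplestorage (UID, name, piclink) VALUES (" . $uid . "," . $name . "," . $profile_pic . ")");
});

// 2. Quoted interpolation, as in answer 0: fine for plain names, but the
//    apostrophe closes the string early. Data that can end a SQL string
//    literal is exactly what SQL injection relies on, so this is not safe.
tryInsert($db, 'quoted concat', function () use ($db, $uid, $name, $profile_pic) {
    $db->exec("INSERT INTO peoplestorage (UID, name, piclink) VALUES ('" . $uid . "','" . $name . "','" . $profile_pic . "')");
});

// 3. Prepared statement, as in answer 1: values travel separately from the
//    SQL text, so the apostrophe is stored verbatim and cannot alter the query.
tryInsert($db, 'prepared statement', function () use ($db, $uid, $name, $profile_pic) {
    $stmt = $db->prepare("INSERT INTO peoplestorage (UID, name, piclink) VALUES (?, ?, ?)");
    $stmt->execute([$uid, $name, $profile_pic]);
});

// Only the prepared insert reaches the table, with the name intact.
print_r($db->query("SELECT UID, name FROM peoplestorage")->fetchAll(PDO::FETCH_ASSOC));
```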