PHP并不想插入数据库

时间:2014-05-21 02:08:29

标签: php

这段代码我做错了什么?

<?php

/*
 * Following code will create a new product row
 * All product details are read from HTTP Post Request
 */
 mysql_select_db("dataparkir");
 $con = mysql_connect("localhost","root","") or die("error connection");
 if($con)
 {
    echo "connection success";
 }

    // check for required fields
    $lantai = $_POST['lantai'];
    $waktu_masuk = $_POST['waktu_masuk'];
    $waktu_keluar= $_POST['waktu_keluar'];
    $id_user = $_POST['id_user'];
    $qr_code = $_POST['qr_code'];
    //echo "input data: " . $lantai." ".$waktu_masuk." ".$waktu_keluar." ".$id_user." ".$qr_code." ";

    // mysql inserting a new row
    $result = mysql_query($con,"INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES($lantai, $waktu_masuk, $waktu_keluar, $id_user,'$qr_code')");

    // check if row inserted or not
    if ($result) {
        echo mysql_insert_id();
    } else {
        echo '0';
    }

?>

因为昨天,我正在运行此代码并且一切正常,但是今天早上,我运行此代码并且我的代码上有“connectionsuccess0”,这意味着它不是$result,为什么会这样?

表架构:

1   id_transaksi    int(11)     
2   waktu_masuk int(11)     
3   waktu_keluar    int(11)     
4   lantai  varchar(40) 
5   tempat_parkir   varchar(40) 
6   qr_code varchar(40)     
7   id_user int(11)

2 个答案:

答案 0 :(得分:3)

这段代码出了很多问题......

  1. 使用已弃用且未维护的 mysql 扩展名
  2. 在之前呼叫mysql_select_db
  3. SQL注入漏洞
  4. 无错误检查

    5. 与时俱进

    // I'm going to assume you can add some verification around these POST params.
// Here's a simple check
if (!isset($POST['lantai'], $_POST['waktu_masuk'], $_POST['waktu_keluar'], $_POST['id_user'], $_POST['qr_code'])) {
    throw new Exception('Not all required POST parameters are set. ' . print_r($_POST, true));
}

$lantai = $_POST['lantai'];
$waktu_masuk = $_POST['waktu_masuk'];
$waktu_keluar= $_POST['waktu_keluar'];
$id_user = $_POST['id_user'];
$qr_code = $_POST['qr_code'];

$con = new mysqli('localhost', 'root', '', 'dataparkir');
if ($con->connect_errno) {
    throw new Exception($con->connect_error, $con->connect_errno);
}
$con->set_charset('utf8'); // change if not appropriate

if (!$stmt = $con->prepare('INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES (?, ?, ?, ?, ?)')) {
    throw new Exception($con->error, $con->errno);
}

$stmt->bind_param('siiis', $lantai, $waktu_masuk, $waktu_keluar, $id_user, $qr_code);

if (!$stmt->execute()) {
    throw new Exception($stmt->error, $stmt->errno);
}
echo $con->insert_id;

答案 1 :(得分:0)

您确定使用的是mysql_query而不是mysqli_query。尝试将所有mysql_query更改为mysqli_query,因为这个示例:

$result = mysql_query($con,"INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES($lantai, $waktu_masuk, $waktu_keluar, $id_user,'$qr_code')");

应该是

$result = mysqli_query($con,"INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES($lantai, $waktu_masuk, $waktu_keluar, $id_user,'$qr_code')");

mysql_query将第一个参数作为查询,将第二个参数作为连接。

mysqli_query将第一个参数作为连接,将第二个参数作为查询。

不推荐使用

mysql_query,因此建议您使用mysqli_query

相关问题
最新问题