我没有得到任何错误,但sql表不会得到任何数据......
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
header('Content-type: text/plain; charset=utf-8');
$con = mysqli_connect("127.0.0.1","root","123456","bikeshop");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
session_start();
$name=$_SESSION['username'];
$totalprice = $_POST['totalprice2'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$adress = $_POST['adress'];
$mobilephone = $_POST['mobilephone'];
$postalcode = $_POST['postalcode'];
$city = $_POST['city'];
$homephone = $_POST['homephone'];
$deliveryinfo = $_POST['deliveryinfo'];
$status = 'pending';
mysqli_query($con,"INSERT INTO orderbank (firstname, lastname, email, adress, mobilephone, postalcode, city, homephone, deliveryinfo, cost, status) VALUES ('$firstname','$lastname','$email','$adress',''$mobilephone','$postalcode',city,'$homephone','$deliveryinfo','$totalprice','$status')");
?>
答案 0 :(得分:4)
查看查询中的VALUES行:
VALUES ('$firstname','$lastname','$email','$adress',''$mobilephone','$postalcode',city,'$homephone','$deliveryinfo','$totalprice','$status')
,city, ,'$city',不应该'?为什么$mobilephone
VALUES ('$firstname','$lastname','$email','$adress','$mobilephone','$postalcode','$city','$homephone','$deliveryinfo','$totalprice','$status')
尝试将其更改为:
$_POST也就是说,您也没有捕获任何查询错误。这里有很多问题。
也就是说,这是对您的代码的重构,以使这一切更加清晰&amp;更稳定。请注意使用mysqli_error报告查询错误以及mysqli_connect_error连接。还使用$_POST值数组,以便更轻松地处理isset()值。这也允许使用!empty()和// Sundry items set by the original poster in the original code.
error_reporting(E_ALL);
ini_set('display_errors', '1');
header('Content-type: text/plain; charset=utf-8');
session_start();
// Credentials.
$host = "127.0.0.1";
$user = "root";
$password = "123456";
$database = "bikeshop";
// Connecting, selecting database
$con = mysqli_connect($host, $user, $password, $database) or die("Failed to connect to MySQL: " . mysqli_connect_error());
// Set a '$_POST' array and roll through each value.
$post_array = array('totalprice2', 'firstname', 'lastname', 'email', 'adress', 'mobilephone', 'postalcode', 'city', 'homephone', 'deliveryinfo');
foreach ($post_array as $post_key => $post_value) {
$$post_value = isset($_POST[$post_value]) && !empty($_POST[$post_value]) ? $_POST[$post_value] : null;
}
// Set the other variables.
$name = $_SESSION['username'];
$status = 'pending';
// Set the query.
$query = "INSERT INTO `orderbank` (`firstname`, `lastname`, `email`, `adress`, `mobilephone`, `postalcode`, `city`, `homephone`, `deliveryinfo`, `cost`, `status`)"
. " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
;
// Bind the params.
mysqli_stmt_bind_param($insertsql, 'sssssssssss', $firstname, $lastname, $email, $adress, $mobilephone, $postalcode, $city, $homephone, $deliveryinfo, $totalprice2, $status);
// Run the query.
$result = mysqli_query($con, $insertsql) or die(mysqli_error());
// Free the result set.
mysqli_free_result($result);
// Close the connection.
mysqli_close($con);
对输入进行一些基本验证。还使用mysqli_stmt_bind_param在查询中设置变量。最后使用mysqli_free_result&amp; mysqli_close干净利落地获得免费记忆一切都说完后关闭连接&amp;完成。
{{1}}
答案 1 :(得分:0)
代码装饰质量有助于更快地查看错误。 尝试:
INSERT INTO `orderbank` (
`firstname`,
`lastname`,
`email`,
`adress`,
`mobilephone`,
`postalcode`,
`city`,
`homephone`,
`deliveryinfo`,
`cost`,
`status`)
VALUES (
'$firstname',
'$lastname',
'$email',
'$adress',
'$mobilephone',
'$postalcode',
'$city',
'$homephone',
'$deliveryinfo',
'$totalprice',
'$status')"
答案 2 :(得分:0)
更好的解决方案是使用预准备语句和绑定参数。
为什么呢?以下是一些原因:
不会发生SQL注入。
INSERT中不会出现任何奇怪的SQL错误,例如“列不允许”。
如果您使用预准备语句,性能会更好。
代码会更清晰。
以下是示例代码:
<?php
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$stmt = $mysqli->prepare("INSERT INTO Country (ID, Name) VALUES (?, ?)");
$stmt->bind_param('is', $id, $name);
$id = 1;
$name = "USA";
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
$stmt->close();
$mysqli->close();
?>