Question

我尝试将用户添加到我的数据库中，只有first_name，last_name，username，email和password才有效。< / p>

但是，当我尝试添加具有其他值的用户时，例如$IP和东西，它不起作用。它只是说

“发生数据库错误”

我在model_user.php

中的代码

public function insert_user() {

    $first_name = $this->input->post('first_name');
    $last_name = $this->input->post('last_name');
    $username = $this->input->post('username');
    $email = $this->input->post('email');
    $password = $this->input->post('password');
    $IP = "2";
    $total_entry = 1;
    $average_entry = 1;
    $date_of_registration = date("Y-m-d H:i:s");
    $lastactive = date("Y-m-d H:i:s");
    $user_level = 2;
    $account_state = "Active";

//insert data into database. SQL Injection bypass
     $sql = "INSERT INTO users (first_name, last_name, username, email, password, IP, total_entry, average_entry, date_of_registration, lastactive, user_level, account_state )
    VALUES (" . $this->db->escape($first_name) . ",
             " . $this->db->escape($last_name) . ",
             " . $this->db->escape($username) . ",
             '" . $email . "',
             '" . $password . "'
             '" . $IP . "'
             '" . $total_entry . "'
             '" . $average_entry . "'
             '" . $date_of_registration . "'
             '" . $lastactive . "'
             '" . $user_level . "'
             '" . $account_state . "')"; 



$result = $this->db->query($sql);

上面的代码根本不起作用。但是，当我评论出一些有用的东西时。在评论了一些事情之后，这段代码可以运行：

//insert data into database. SQL Injection bypass
     $sql = "INSERT INTO users (first_name, last_name, username, email, password)
    VALUES (" . $this->db->escape($first_name) . ",
             " . $this->db->escape($last_name) . ",
             " . $this->db->escape($username) . ",
             '" . $email . "',
             '" . $password . "')"; 

        /*   '" . $IP . "'
             '" . $total_entry . "'
             '" . $average_entry . "'
             '" . $date_of_registration . "'
             '" . $lastactive . "'
             '" . $user_level . "'
             '" . $account_state . "')";  */

使用上面的代码，用户已成功注册。我不知道我做错了什么。

Answer 1

为什么不使用有效记录？你将大大降低犯错的风险。

$data = array(
      'first_name' => $first_name ,
      'last_name' => $last_name ,
      'username' => $username,
      'email' => $email,
      'password' => $password,
      'IP' => $IP,
      'total_entry' => $total_entry,
      'average_entry' => $average_entry,
      'date_of_registration' => $date_of_registration,
      'lastactive' => $lastactive,
      'user_level' => $user_level,
      'account_state' => $account_state
);
 $this->db->insert('tablename', $data);

在旁注中，您应该在模型和提交

之后的流程中分离数据库调用

控制器：

$data = array(
      'first_name' => $this->input->post('first_name'),
        /*other fields here */
);

$this->my_model->insert_user($data);

型号：

function insert_user($data) 
{
     $this->db->insert("table", $data);
}

此处有更多详情：http://www.codeigniter.com/user_guide/database/active_record.html#insert

Answer 2

可能会出现此错误，因为您在属性＆＃34;密码＆＃34;，＆＃34; IP＆＃34;，＆＃34; total_entry＆＃34;之后缺少逗号。它解释了为什么代码在评论这些属性时有效。

Codeigniter没有将用户添加到数据库

2 个答案: