我尝试为某些东西制作登录API,但我收到了MySQL错误而且我不知道如何修复它。这是错误
您的SQL语法有错误;检查手册 对应于您的MySQL服务器版本,以便使用正确的语法 在第1行'''附近
有人可以帮帮我吗?此外,如果您有更好的建议或脚本/框架/等来构建此API链接,那么我需要一个用于管理自己字段的API。
这是我的代码:
<?php
include ('config.php');
$con = mysqli_connect(HOST, USER, PASS, NAME) or die("Error " . mysqli_error($link));
if(!isset($_GET["id"]))
{
/*
@ Login or Register
@ api.php?set=[Login/Register]&...
*/
if(isset($_GET["set"]))
{
$set = $_GET["set"];
if($set == "register")
{
if(isset($_GET["username"]))
{
if(isset($_GET["password"]))
{
if(isset($_GET["email"]))
{
$username = mysqli_escape_string($con, $_GET["username"]);
$password = mysqli_escape_string($con, $_GET["password"]);
$email = mysqli_escape_string($con, $_GET["email"]);
$query_cmd = mysqli_query($con, "SELECT * FROM users WHERE username='$username'");
$query_exe = mysqli_fetch_array($query_cmd);
$rows = mysqli_num_rows($query_cmd);
if(!$rowcount == 1)
{
$query_cmd = mysqli_query($con, "SELECT * FROM users WHERE email='$email'");
$query_exe = mysqli_fetch_array($query_cmd);
$rows = mysqli_num_rows($query_cmd);
if(!$rowcount == 1)
{
$query_cmd = mysqli_query($con, "INSERT INTO users (id, username, password, email, ip, hwid, funds) VALUES ('" . $username . "','" . $password . "','" . $email . "','" . $_SERVER['REMOTE_ADDR'] . "'),'" . $_GET["hwid"] . "';");
if ($query_cmd == false)
{
echo "Register failed: " . mysqli_error($con);
}
else
{
echo "Registerd!";
}
} else {
echo "Email already in use";
}
} else {
echo "Username already in use";
}
}
}
}
} else if($set == "login")
{
if(isset($_GET["username"]))
{
if(isset($_GET["password"]))
{
$username = mysqli_escape_string($con, $_GET["username"]);
$password = mysqli_escape_string($con, $_GET["password"]);
$query_cmd = mysqli_query($con, "SELECT * FROM users WHERE username=$username");
$query_exe = mysqli_fetch_array($query_cmd);
$rows = mysqli_num_rows($query_cmd);
if($rowcount == 1)
{
if($password != $query['password'])
{
echo'Wrong password';
} else {
echo 'Successful login';
}
} else {
echo "Account does not exists";
}
}
}
} else {
echo "This is not a valid account option";
}
} else {
echo "This is not a valid API option";
}
} else {
// Gather information
}
mysqli_close($con);
?>
答案 0 :(得分:3)
您的代码中存在一些错误,其中一个错误出现在您的上一个查询中:
WHERE username=$username");
$username需要用引号括起来,它是一个字符串。
WHERE username='$username'");
INSERT查询中也有错误 -
"INSERT INTO users (id, username, password, email, ip, hwid, funds) VALUES ('" . $username . "','" . $password . "','" . $email . "','" . $_SERVER['REMOTE_ADDR'] . "'),'" . $_GET["hwid"] . "';"
您指定了7列但只有5个插入值。 (为什么)位于查询的中间?这是一个语法错误本身。
其他编辑:
这一行有一个错位的括号:
$query_cmd = mysqli_query($con,
"INSERT INTO users (id, username, password, email, ip, hwid, funds)
VALUES
('" . $username . "','" . $password . "','" . $email . "',
'" . $_SERVER['REMOTE_ADDR'] . "'),'" . $_GET["hwid"] . "';");
^ there
其中应为:
$query_cmd = mysqli_query($con,
"INSERT INTO users (id, username, password, email, ip, hwid, funds)
VALUES ('" . $username . "','" . $password . "','" . $email . "',
'" . $_SERVER['REMOTE_ADDR'] . "','" . $_GET["hwid"] . "')");
然而,正如Jay概述in his edit(谢谢杰伊),你有7列但只有5个插入值。
因此,您需要添加丢失或太多的那些。
<强> N.B:
现在,如果“id”是auto_increment,您可以在''中添加VALUES ('', '" . $username . "',,包括“资金”的变量,这似乎不在您的问题中。