OK, so this is a troublesome little PHP script that I'm trying to write:
if (!empty($_POST)) {
$pdusername = $_POST['username'];
$pdpassword = $_POST['password'];
$pdemail = $_POST['email'];
$crumbs = '
{"qActive":"","cardColor":8,"storage":"F0004a,F206","closet":"P001,C301c,C415a,C601a,C010a,C303a,C744,BG037,BG101,C401c,GI704,C456b","memberOnly":"","qItems":"","color":"1","coins":1000,"allowFriends":1,"email":"'.$pdemail.'","isEligible":"1","bankCount":"","isEmailValidated":1,"isMember":1,"lastGame":"MG001","isZing":1,"xp":0,"qCount":0,"bank":"","isSafe":"0","gold":0,"bday":"1/1/2000,382","festivalCollection":0,"wearing":"","tickets":0,"xpLevel":0,"lastPlayed":"1/1/2015,383","games":"MG001,MG002,MG003","isMod":0,"mounts":"","backpack":"","level":"1"}
';
$sql = 'INSERT INTO users (username,nickname,email,password,active,parent,ubdate,level,memberexpiry,crumbs,ismod)
VALUES ("'.$pdusername.'","","'.$pdemail.'","'.$pdpassword.'",1,0,"",1,-1,"'.$crumbs.'",0)';
$db->query($sql);
}
However, when I submit the form, I get this:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'qActive":"","cardColor":8,"storage":"F0004a,F206","closet":"P001,C301c,C415a,C60' at line 2' in /var/www/html/register/index.php:35 Stack trace: #0 /var/www/html/register/index.php(35): PDO->query('INSERT INTO use...') #1 {main} thrown in /var/www/html/register/ind
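Why is this happening? :/
Answer 0 (score: 0)
There are some problems with how you build the SQL query, especially around the $crumbs part: it is not marked as a string literal for MySQL. Your script is also vulnerable to SQL injections. You can use prepared statements to solve these problems.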
<?php
if ( isset($_POST['username'], $_POST['email'], $_POST['password']) ) {
    // <-- maybe some other sanity check here? -->
    // Placeholders keep the values out of the SQL text; PDO sends them separately.
    $stmt = $db->prepare("
        INSERT INTO
            users
            (username,nickname,email,password,active,parent,ubdate,level,memberexpiry,crumbs,ismod)
        VALUES
            (:username,'',:email,:password, 1, 0, '', 1, -1,:crumbs, 0)
    ");
    $stmt->execute( array(
        'username'=> $_POST['username'],
        'email' => $_POST['email'],
        'password'=> $_POST['password'],
        // The e-mail is read from $_POST here; $pdemail is not defined in this snippet.
        'crumbs' => '{"qActive":"","cardColor":8,"storage":"F0004a,F206","closet":"P001,C301c,C415a,C601a,C010a,C303a,C744,BG037,BG101,C401c,GI704,C456b","memberOnly":"","qItems":"","color":"1","coins":1000,"allowFriends":1,"email":"'.$_POST['email'].'","isEligible":"1","bankCount":"","isEmailValidated":1,"isMember":1,"lastGame":"MG001","isZing":1,"xp":0,"qCount":0,"bank":"","isSafe":"0","gold":0,"bday":"1/1/2000,382","festivalCollection":0,"wearing":"","tickets":0,"xpLevel":0,"lastPlayed":"1/1/2015,383","games":"MG001,MG002,MG003","isMod":0,"mounts":"","backpack":"","level":"1"}'
    ) );
}
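The prepared-statement approach from the answer, taken one step further as an added example (not code from the question or the answer): the crumbs JSON is built with json_encode instead of string concatenation, so a quote in the e-mail can break neither the JSON nor the SQL. Assumptions: an in-memory SQLite database (pdo_sqlite, PHP 7.3+) stands in for the MySQL server, the users table is reduced to three columns, the crumbs defaults are shortened, and buildCrumbs and registerUser are hypothetical helper names.

```php
<?php
// Added example. In-memory SQLite replaces the page's MySQL connection (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, email TEXT, crumbs TEXT)');

// Hypothetical helper: json_encode escapes the e-mail as a JSON string value,
// which the concatenated '{"...","email":"'.$email.'",...}' literal does not.
function buildCrumbs(string $email): string
{
    // Shortened subset of the default crumbs shown on the page.
    $crumbs = [
        'cardColor' => 8,
        'storage'   => 'F0004a,F206',
        'coins'     => 1000,
        'email'     => $email,
        'isMod'     => 0,
        'level'     => '1',
    ];
    return json_encode($crumbs, JSON_THROW_ON_ERROR);
}

// Hypothetical helper: every value, including the JSON document, is bound
// as a parameter, so its double quotes never reach the SQL parser.
function registerUser(PDO $db, string $username, string $email): void
{
    $stmt = $db->prepare(
        'INSERT INTO users (username, email, crumbs) VALUES (:username, :email, :crumbs)'
    );
    $stmt->execute([
        'username' => $username,
        'email'    => $email,
        'crumbs'   => buildCrumbs($email),
    ]);
}

// Constructed input: both quote characters, which would end a string literal
// early if the value were pasted into the query text.
$email = 'o\'brien"test@example.com';
registerUser($db, 'alice', $email);

$row = $db->query('SELECT email, crumbs FROM users')->fetch(PDO::FETCH_ASSOC);
$decoded = json_decode($row['crumbs'], true, 512, JSON_THROW_ON_ERROR);

if ($row['email'] !== $email || $decoded['email'] !== $email) {
    throw new RuntimeException('stored value differs from the submitted value');
}
echo "e-mail stored and decoded unchanged\n";
```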