PHP查询在流量中死亡

时间:2015-08-20 17:46:44

标签: php mysql

我目前正在测试项目的注册页面,而且我遇到了一个有点问题的问题。简而言之,用户在第一个屏幕上输入他们的信息,并在以下屏幕上确认他们的信息和他们的约会日期。在最终屏幕上,调用以下函数。

function createRecord($id,$lname,$fname,$address1,$address2,$city,$state,$zip,$email,$homephone,$cellphone)
{
    include 'dbconnect.php'; 
    $sql = "SELECT id FROM nso1_students WHERE id = " . $id;
    $result = $db->query($sql) or die("Error performing an internal check. Error: " . mysql_error());
    if(mysqli_affected_rows($db) <= 0) //This first query checks to make sure that the student's information isn't already in the database. ID is a primary key, so it should reject a duplicate entry, but I'd rather prevent it entirely.
    {
        $sql = "INSERT INTO nso1_students(psuid, lname, fname, address1, address2, city, state, zip, email, 
        homephone, cellphone) VALUES (" . $psuid . ", '" . $lname . "', '" . $fname . "',
        '" . $address1 . "', '" . $address2 . "', '" . $city . "', '" . $state . "', '" . $zip . "', 
        '" . $email . "', " . $homephone . ", " . $cellphone . ")";
        $db->query($sql) or die("Error creating student record. Error: " . mysql_error()); 
    }
    else 
    {
        echo "alert('This student already has an appointment!');window.location.href='index.php';";
    }
}

我遇到的问题是,当多人同时测试时,第二次查询中大约有3人死亡,没有显示MySQL错误。其余的没有遇到麻烦。我没有足够的经验来诊断这个例子中出了什么问题,我现在需要一些建议。如果您还需要我提供其他任何答案,请告知我们。

1 个答案:

答案 0 :(得分:2)

嗨我非常肯定'“。$ homephone。”','“。$手机。”')“;如果persome在电话号码中创建一个正常的空间查询失败,请尝试这样:< / p>

$sql = "INSERT INTO nso1_students(psuid, lname, fname, address1, address2, city, state, zip, email, 
        homephone, cellphone) VALUES (" . $psuid . ", '" . $lname . "', '" . $fname . "',
        '" . $address1 . "', '" . $address2 . "', '" . $city . "', '" . $state . "', '" . $zip . "', 
        '" . $email . "', '" . $homephone . "', '" . $cellphone . "')";

请注意安全性,你的代码是sql注入