PHP - MYSQLI:插入用户错误

时间:2015-10-25 18:01:06

标签: php mysql mysqli

我试图将用户插入数据库并返回错误。

代码:

                    //Add User To Database
                if(isset($_POST['add_user'])){
                    $uuid = $_POST['uuid'];
                    $fullname = $_POST['fullname'];
                    $email = $_POST['email'];
                    $securitykey = $_POST['security-key'];
                    $password = $_POST['password'];
                    $phone = $_POST['phone'];
                    $activated = $_POST['activated'];
                    $role = $_POST['role'];

                         //All Fields Entered
                         //Convert Password to MD5
                         $password = md5($password);
                         //Split Full Name
                         list($firstname, $lastname) = explode(' ', $fullname);

                         //Convert Security Key To Caps Lock
                        $securitykey = strtoupper($securitykey);

                         //Insert Details into Database
                         $sqlQuery = ("INSERT INTO list_users (uuid, password, email, security_key, firstname, lastname, phone_no, activated, role) 
                         VALUES ($uuid, $password, $email, $securitykey, $firstname, $lastname, $phone, $activated, $role)");

                         if($sqlLink->query($sqlQuery) === TRUE){
                             alert("This user has been added to the database. Thanks!");
                         }else{
                            alert("Whoops, there was an error adding this user: " . $sqlLink->error);
                         }


                }

数据库: Database Structure

错误讯息: 您的SQL语法有错误;查看与您的MySQL服务器版本相对应的手册,以便在' @ gmail.com,FFGT,test,test,0777777777,0,superadmin)附近使用正确的语法。在第2行

形式:

                                        <?php
                                    //Add new user
                                    echo "<form action='control.php' method='POST'>";
                                    echo "<tr>";
                                    echo "<td><div class='input-group'><input autocomplete='false' name='uuid' type='text' class='form-control' placeholder='UUID'></div></td>";
                                    echo "<td><div class='input-group'><input autocomplete='false'' name='fullname' type='text' class='form-control' placeholder='Full Name'></div></td>";
                                    echo "<td><div class='input-group'><input autocomplete='false' name='email' type='text' class='form-control' placeholder='Email'></div></td>";
                                    echo "<td><div class='input-group'><input autocomplete='false' name='security-key' type='text' class='form-control' placeholder='Access Key'></div></td>";
                                    echo "<td><div class='input-group'><input autocomplete='false' autocomplete='off' name='password' type='password' class='form-control' placeholder='Password'></div></td>";
                                    echo "<td><div class='input-group'><input autocomplete='false' name='phone' type='text' class='form-control' placeholder='Phone No.'></div></td>";
                                    echo "<td><div class='input-group'><input autocomplete='false' name='activated' type='number' min='0' max='1'class='form-control' placeholder='0'></div></td>";
                                    echo "<td><div class='input-group'><input autocomplete='false' name='role' type='text' class='form-control' placeholder='Role'></div></td>";
                                    echo "<td><button name='add_user' type='submit' class='btn btn-sm btn-info'><i class='fa fa-plus'></i> Add User</button></td>";
                                    echo "</tr>";
                                    echo "</form>";

                                    ?>

2 个答案:

答案 0 :(得分:1)

字符串的值需要在sql查询中引用sigle。整数可以不被引用,但如果它们不重要,那就像:

$sqlQuery = ("INSERT INTO list_users (uuid, password, email, security_key, firstname, lastname, phone_no, activated, role) 
                     VALUES ('$uuid', '$password', '$email', '$securitykey', '$firstname', '$lastname', '$phone', '$activated', '$role')");

答案 1 :(得分:0)

变化

($uuid, $password, $email, $securitykey, $firstname, $lastname, $phone, $activated, $role)");

('$uuid', '$password', '$email', '$securitykey', '$firstname', '$lastname', '$phone', '$activated', '$role')");

以这种方式做这件事并不是一件好事。 请阅读SQL INJECTION和SQL ESCAPE STRING。