我试图将用户插入数据库并返回错误。
代码:
//Add User To Database
if(isset($_POST['add_user'])){
$uuid = $_POST['uuid'];
$fullname = $_POST['fullname'];
$email = $_POST['email'];
$securitykey = $_POST['security-key'];
$password = $_POST['password'];
$phone = $_POST['phone'];
$activated = $_POST['activated'];
$role = $_POST['role'];
//All Fields Entered
//Convert Password to MD5
$password = md5($password);
//Split Full Name
list($firstname, $lastname) = explode(' ', $fullname);
//Convert Security Key To Caps Lock
$securitykey = strtoupper($securitykey);
//Insert Details into Database
$sqlQuery = ("INSERT INTO list_users (uuid, password, email, security_key, firstname, lastname, phone_no, activated, role)
VALUES ($uuid, $password, $email, $securitykey, $firstname, $lastname, $phone, $activated, $role)");
if($sqlLink->query($sqlQuery) === TRUE){
alert("This user has been added to the database. Thanks!");
}else{
alert("Whoops, there was an error adding this user: " . $sqlLink->error);
}
}
数据库: Database Structure
错误讯息: 您的SQL语法有错误;查看与您的MySQL服务器版本相对应的手册,以便在' @ gmail.com,FFGT,test,test,0777777777,0,superadmin)附近使用正确的语法。在第2行
形式:
<?php
//Add new user
echo "<form action='control.php' method='POST'>";
echo "<tr>";
echo "<td><div class='input-group'><input autocomplete='false' name='uuid' type='text' class='form-control' placeholder='UUID'></div></td>";
echo "<td><div class='input-group'><input autocomplete='false'' name='fullname' type='text' class='form-control' placeholder='Full Name'></div></td>";
echo "<td><div class='input-group'><input autocomplete='false' name='email' type='text' class='form-control' placeholder='Email'></div></td>";
echo "<td><div class='input-group'><input autocomplete='false' name='security-key' type='text' class='form-control' placeholder='Access Key'></div></td>";
echo "<td><div class='input-group'><input autocomplete='false' autocomplete='off' name='password' type='password' class='form-control' placeholder='Password'></div></td>";
echo "<td><div class='input-group'><input autocomplete='false' name='phone' type='text' class='form-control' placeholder='Phone No.'></div></td>";
echo "<td><div class='input-group'><input autocomplete='false' name='activated' type='number' min='0' max='1'class='form-control' placeholder='0'></div></td>";
echo "<td><div class='input-group'><input autocomplete='false' name='role' type='text' class='form-control' placeholder='Role'></div></td>";
echo "<td><button name='add_user' type='submit' class='btn btn-sm btn-info'><i class='fa fa-plus'></i> Add User</button></td>";
echo "</tr>";
echo "</form>";
?>
答案 0 :(得分:1)
字符串的值需要在sql查询中引用sigle。整数可以不被引用,但如果它们不重要,那就像:
$sqlQuery = ("INSERT INTO list_users (uuid, password, email, security_key, firstname, lastname, phone_no, activated, role)
VALUES ('$uuid', '$password', '$email', '$securitykey', '$firstname', '$lastname', '$phone', '$activated', '$role')");
答案 1 :(得分:0)
变化
($uuid, $password, $email, $securitykey, $firstname, $lastname, $phone, $activated, $role)");
到
('$uuid', '$password', '$email', '$securitykey', '$firstname', '$lastname', '$phone', '$activated', '$role')");
以这种方式做这件事并不是一件好事。 请阅读SQL INJECTION和SQL ESCAPE STRING。