我想将项目插入我的数据库,但似乎无法插入其中,这里是我的代码,有谁知道原因?
提交后,我查看了我的表格' info',它也没有任何变化。
http://i.stack.imgur.com/z9rxI.jpg
this is the front-end of signup page, and the test.php after the submission
答案 0 :(得分:1)
您的'变量上的密钥访问者没有$_POST,这些变量是您直接传递给查询函数的(您不应该... 。见下文)。但是,我不会向您展示如何纠正这种情况,而是向您展示如何更好地保护自己免受SQL注入。
目前,只需允许用户直接将数据发布到您的数据库,您就会超级易受SQL注入攻击。而是使用prepared statement来对抗这种特殊情况。
$stmt = $mysqli->prepare('INSERT INTO info(username, password, first_name, last_name, location, email, pwv) VALUES(?,?,?,?,?,?,?)');
$stmt->bind_param('sssssss',
$_POST['username'],
$_POST['password'],
$_POST['firstname'],
$_POST['lastname'],
$_POST['location'],
$_POST['email'],
$_POST['pwv']);
$stmt->execute();
$stmt->store_result();
if( count( $stmt->num_rows ) > 0 ) {
//this is success
}
答案 1 :(得分:0)
将$_POST设置为变量:
$username = $_POST['username'];
$password = $_POST['password'];
$last_name = $_POST['last_name'];
$location = $_POST['location'];
$email = $_POST['email'];
$pwd = $_POST['pwv'];
$sql = "INSERT INTO info(username, password, first_name, last_name, location, email, pwv)
VALUES('$username','$password','$first_name','$last_name','$location','$email','$pwv');
答案 2 :(得分:0)
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
$conn = mysql_connect($servername,$username,$password)or die(mysql_error());
mysql_select_db($dbname,$conn);
$sql = mysql_query("INSERT INTO `info` (`username`,`password`,`first_name`,`last_name`,`location`,`email`,`pwv`)
VALUES('".$_POST['username']."','".$_POST['password']."','".$_POST['firstname']."','".$_POST['lastname']."','".$_POST['location']."','".$_POST['email']."','".$_POST['pwv']."')")or die(mysql_error());
?>