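Unable to insert data into db php / mysql

Time: 2015-11-22 18:04:50

Tags: php mysql

I am creating a chat system in which a message can be sent; the message is stored in the database and can be retrieved to be displayed in the inbox. Now, when I try to save the message, I am unable to insert the information into the database. Please help.

Code: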

include("inc/header.inc.php");

if (isset($_GET['u'])) {
    $username = mysql_real_escape_string($_GET['u']);

    if (ctype_alnum($username)) {
        //check user exists
        $check = mysql_query("SELECT username FROM users WHERE username='$username'");

        if (mysql_num_rows($check) === 1) {
            $get = mysql_fetch_assoc($check);
            $username = $get['username'];

            //Check user isn't sending themself a private message
            if ($username != $user) {
                if (isset($_POST['submit'])) {
                    $msg_title = strip_tags($_POST['msg_title']);
                    $msg_body = strip_tags($_POST['msg_body']);
                    $date = date("Y-m-d");
                    $opened = "no";
                    $deleted = "no";

                    if ($msg_title == "Enter the message title here ...") {
                        echo "Please give your message a title.";
                    }
                    else if (strlen($msg_title) < 3) {
                        echo "Your message title cannot be less than 3 characters in length!";
                    }
                    else if ($msg_body == "Enter the message you wish to send ...") {
                        echo "Please write a message.";
                    }
                    else if (strlen($msg_body) < 3) {
                        echo "Your message cannot be less than 3 characters in length!";
                    }
                    else {
                        $send_msg = mysql_query("INSERT INTO pvt_messages (id, user_from, user_to, msg_body, date, opened) VALUES ('','$user','$username','$msg_title','$msg_body','$date','$opened','$deleted')");
                        echo "Your message has been sent!";
                    }
                }
                echo "
                    <form action='send_msg.php?u=$username' method='POST'>
                    <h2>Compose a Message to $username</h2>
                    <input type='text' name='msg_title' size='30' onClick=\"value=''\" value='Enter the message title here ...'><p />
                    <textarea cols='50' rows='12' name='msg_body' style='margin-left: 0px; margin-right: 0px; width: 305px;'>Enter the message you wish to send ...</textarea><p />
                    <input type='submit' name='submit' class='btn btn-primary' value='Send Message'>
                    </form>
                ";

            }
            else {
                header("Location: $user");
            }
        }
    }
}

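What could be the problem?

3 answers:

Answer 0: (score: 0)

You are inserting '' into the "id" column - isn't that wrong? Use try {} catch {} to check whether there are any errors. And don't use strip_tags (use filter_var or htmlentities instead). Read up on SQL injection.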

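Answer 1: (score: 0)

I found my mistake: I was inserting more values than there are actual columns in the db, so I removed the non-existent columns from the VALUES() part.

Thanks for the options, will try them.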
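
The silent failure and the injection concern raised in the answers above, as an added example that is not part of the original posts: PDO with exceptions enabled reports the column/value count mismatch instead of printing "Your message has been sent!", and bound parameters replace string interpolation. It assumes the pdo_sqlite extension so it runs offline; the table (built from the column list in the question's INSERT), the helper name tryInsert and the sample values are constructed.

```php
<?php
// Added example. Constructed schema in in-memory SQLite (assumption: the
// original page uses MySQL); column names come from the question's INSERT.
$pdo = new PDO('sqlite::memory:');
// Make every SQL error throw instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pvt_messages (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    user_from TEXT NOT NULL,
    user_to   TEXT NOT NULL,
    msg_body  TEXT NOT NULL,
    date      TEXT NOT NULL,
    opened    TEXT NOT NULL
)");

// Constructed sample input; the apostrophes would break a query built by
// string interpolation but are harmless as bound parameters.
$user      = 'alice';
$username  = 'bob';
$msg_title = 'Lunch';
$msg_body  = "It's 5 o'clock, see you there";

// Hypothetical helper: run one parameterized INSERT and report the outcome.
function tryInsert(PDO $pdo, string $sql, array $params): string
{
    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        return 'ok, new id ' . $pdo->lastInsertId();
    } catch (PDOException $e) {
        // In production, log the detail server-side and show a generic message.
        return 'failed: ' . $e->getMessage();
    }
}

// 1) Same shape as the question: six columns named, eight values supplied.
$bad = "INSERT INTO pvt_messages (id, user_from, user_to, msg_body, date, opened)
        VALUES (NULL, ?, ?, ?, ?, ?, ?, ?)";
echo tryInsert($pdo, $bad,
    [$user, $username, $msg_title, $msg_body, date('Y-m-d'), 'no', 'no']), "\n";

// 2) Corrected: one placeholder per listed column; id is left to auto-increment.
$good = "INSERT INTO pvt_messages (user_from, user_to, msg_body, date, opened)
         VALUES (:from, :to, :body, :date, :opened)";
echo tryInsert($pdo, $good, [
    ':from' => $user, ':to' => $username, ':body' => $msg_body,
    ':date' => date('Y-m-d'), ':opened' => 'no',
]), "\n";
```

The mysql_* functions used in the question were removed in PHP 7, so PDO or mysqli is required on current PHP versions in any case.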

Answer 2: (score: -1)

I might be wrong, but shouldn't you use "mysql_query("INSERT ......" instead of "$send_msg = mysql_query("INSERT .. "