所以这可能是愚蠢的,但我无法在某个帐户上插入MySQL,我已经盯着这两个小时了。我是PHP的新手,所以我很可能会做一些愚蠢的事情。我附上了我试图插入的DB的屏幕截图。
以下是我所说的:
(imgur似乎对我不利)
这是我的代码,PhpMyAdmin告诉我在上授予所有特权。 TO ...
$fbFirstName = $me['first_name'];
$fbLastName = $me['last_name'];
$fbEmail = $me['email'];
mysql_real_escape_string($fbFirstName,$fbLastName,$fbEmail);
$getuserresult = mysql_query("SELECT * FROM newusers WHERE fbUID=$uid");
$userrowsreturned=mysql_num_rows($getuserresult);
if ($userrowsreturned=0)
{
echo '<br />user already exists, will update something here eventually<br />';
}
else {
$sql = mysql_query("INSERT INTO newusers (fbUID,callsAttempted,callsMade,fbEmail,fbFirstName,fbLastName) VALUES ($uid,'1','0',$fbEmail,$fbFirstName,$fbLastName)");
if(!$sql) {
die("Nope");
} else {
echo "1 record added";
}
echo '<br />created user<br />';
}
答案 0 :(得分:3)
这里有两件事情出错了。逃避就像:
$fbFirstName = mysql_real_escape_string($fbFirstName);
// for all variables
// or, just in one go:
$fbFirstName = mysql_real_escape_string($me['first_name']);
// and for integers, make sure they are actually integers (and prevent mayhem)
$some_id = (int)$me['some_id'];
$uid = (int)$uid;
插入时必须引用非整数值:
$sql = mysql_query("INSERT INTO `newusers`
(`fbUID`,`callsAttempted`,`callsMade`,`fbEmail`,`fbFirstName`,`fbLastName`)
VALUES
('$uid',1,0,'$fbEmail','$fbFirstName',$fbLastName')");
(但你也可以引用整数 - 你永远不知道某些外部id是否可能变成字母数字。)
答案 1 :(得分:2)
您有错误
if ($userrowsreturned=0)
应该是(使用double equals来测试等价,使用single equals进行赋值)
if ($userrowsreturned==0)
我还认为您实际上是指以下内容,因为您正在检查用户是否已存在
if ($userrowsreturned==1)
答案 2 :(得分:0)
首先你必须改变
$getuserresult = mysql_query("SELECT * FROM newusers WHERE fbUID=$uid");
到
$getuserresult = mysql_query("SELECT * FROM newusers WHERE fbUID='$uid'");
之后将插入更改为:
$sql = mysql_query("INSERT INTO newusers (fbUID,callsAttempted,callsMade,fbEmail,fbFirstName,fbLastName) VALUES
('$uid','1','0','$fbEmail','$fbFirstName',$fbLastName')");