为什么不发送到我的mysql服务器?

时间:2016-03-19 22:26:04

标签: php mysql

所以,每次我去http://localhost/api/calls.php?gamename=test&gameowner=hi&gameownerid=1&placeid=2&serverjobid=hi&serverid=jaja&serverplayers=1&sendername=bob&senderid=3&senderage=14&senderwarnings=0&calltype=non&reportinfo=hi&suspect=none

它绝对没有显示任何内容,也没有将数据发送到我的mysql数据库。

这是我的代码。为了安全起见,我删除了我的mysql信息。

<?php
$servername = "";
$username = "";
$password = "";
$database = "";

// Establish MySQL Connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("MySafeServer Database Connection Failed: " . $conn->connect_error);
}

if (array_key_exists('param',$_GET)) {
    $gamename = $_GET['param'];
    $gameowner = $_GET['param'];
    $gameownerid = $_GET['param'];
    $placeid = $_GET['param'];
    $serverjobid = $_GET['param'];
    $serverid = $_GET['param'];
    $serverplayers = $_GET['param'];
    $sendername = $_GET['param'];
    $senderid = $_GET['param'];
    $senderage = $_GET['param'];
    $senderwarnings = $_GET['param'];
    $calltype = $_GET['param'];
    $reportinfo = $_GET['param'];
    $suspect = $_GET['suspect'];
    mysql_query("INSERT INTO mss_calls3 (gamename, gameowner, gameownerid, placeid, serverjobid, serverid, serverplayers, sendername, senderid, senderage, senderwarnings, calltype, reportinfo, suspect) VALUES ($gamename, $gameowner, $gameownerid, $placeid, $serverjobid, $serverid, $serverplayers, $sendername, $senderid, $senderage, $senderwarnings, $calltype, $reportinfo, $suspect)");
};
?>

1 个答案:

答案 0 :(得分:0)

@Mark是对的,你应该坚持只使用mysqli函数。

正如@andrewsi所说,既然你没有查询数据,你的代码中没有任何内容可以打印出insert语句是否成功,但只是在失败的情况下,所以我添加了一个&#34;成功&#34!;回声。您仍然需要查询数据库以查看是否插入了值。

@Matt和@Mark关于准备陈述的要点对于消毒你的输入至关重要 - 这是安全101,你应该在谷歌上搜索。

但最终,我认为@CodeGodie遇到了你最大的问题就是让它运转起来。您使用$_GET['param']将所有变量分配给相同的值,除了&#34; suspect&#34;在最后。从您在问题中发布的链接中,没有&#34; param&#34;在您的查询字符串中。我不完全确定你的目的是什么,但我假设您想要将参数名称与变量名称匹配。我不认为它的工作原理是这样的,但是下面未经测试的代码应该可以帮到你:

<?php

$params = array(
  "gamename",
  "gameowner",
  "gameownerid",
  "placeid",
  "serverjobid",
  "serverid",
  "serverplayers",
  "sendername",
  "senderid",
  "senderage",
  "senderwarnings",
  "calltype",
  "reportinfo",
  "suspect"
);

$cols = "";
$vals = "";
$binding_type = "";
$get_params = array();

// first pass to build the query,
// and validate inputs exist
for ($params as $param) {
  if ( isset($_GET["$param"]) ) {
    $cols .= "$param,";
    $vals .= "?,";
    $get_params []= $_GET["$param"];
    // determine the binding type as either integer or string
    if (is_numeric($_GET["$param"]))
      $binding_type .= "i";
    else
      $binding_type .= "s";
  } else die("$param is not set");
}

// trim trailing commas
$cols = rtrim($cols, ",");
$vals = rtrim($vals, ",");

$sql = "INSERT INTO mss_calls3 ($cols) VALUES ($vals);";

$servername = "";
$username = "";
$password = "";
$database = "";

// Establish MySQL Connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("MySafeServer Database Connection Failed: " . $conn->connect_error);
}

// prepare statement
$stmt = $conn->prepare($sql) or die($conn->error);

// bind parameters
// watch this is the tricky dynamic part I got help from the following, but may need some work:
// http://stackoverflow.com/questions/627763/php-and-mysqli-bind-parameters-using-loop-and-store-in-array
// http://no2.php.net/manual/en/mysqli-stmt.bind-param.php#89171
call_user_func_array( array($stmt, 'bind_param'), array_merge(array($stmt, $binding_type), $get_params));

// execute
if( $stmt->execute() )
  echo "success!";
else
  echo $stmt->error;

$stmt->close();
$conn->close();

?>