为什么我不能使用我的webhost在我的数据库中插入数据?

时间:2016-07-17 12:39:26

标签: php mysql

没有错误,但它是Insert Successfully,但是当我检查我的数据库时,表car_category中没有添加任何字段。当我将其转移到在线虚拟主机时,就会发生这种情况。

insert.php 

<?PHP
include_once("connection.php");

if(isset($_POST['txtCarModel']) && isset($_POST['txtCarType']) && 
isset($_POST['txtCapacity']) && isset($_POST['txtImage'])){
$Car_Model = $_POST['txtCarModel'];
$Car_Type = $_POST['txtCarType'];
$Capacity = $_POST['txtCapacity'];
$Image = $_POST['txtImage'];

$query = "INSERT INTO car_category(Car_Model, Car_Type, Capacity, Image) 
VALUES ('$Car_Model', '$Car_Type', $Capacity, '$Image')"; 

$result = mysqli_query($conn, $query);

if($result == 0){
    if(isset($_POST['mobile']) && $_POST['mobile'] == "android"){
        echo "success";
        exit;
    }
    echo "Insert Successfully";   
}
else{
    if(isset($_POST['mobile']) && $_POST['mobile'] == "android"){
        echo "failed";
        exit;
    }
    echo "Something Error";   
}
}

?>
<html>
<head><title>Insert</title></head>
<body>

    <form action="<?PHP $_PHP_SELF ?>" method="post">
        Car Model <input type="text" name="txtCarModel" value=""/><br/>
        Car Type <input type="text" name="txtCarType" value=""/><br/>
        Capacity <input type="text" name="txtCapacity" value=""/><br/>
        Image URL <input type="text" name="txtImage" value=""/><br/>
        <input type="submit" name="btnSubmit" value="Insert"/>
    </form>
</body>
</html>

我会在这里发布我的connection.php以防问题出现在这里。

connection.php 

<?php
$servername = "*****"; 
$username = "*****"; 
$password = "*****";  
$dbname = "******";

$conn = mysqli_connect($servername, $username, $password, $dbname);

if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
?>

2 个答案:

答案 0 :(得分:0)

您好,试试echo errors 

error_reporting(E_ALL);
ini_set('display_errors',1);// at top of page
// echo $query; die; to see what your query is
$result = mysqli_query($conn, $query) or die(mysqli_errpr($conn));

您的代码sql Vulnerable使用mysqli prepared statementsPDO

您可以尝试 

 <?PHP
        $conn = new mysqli('localhost', 'root', 'password', 'databasename');
     if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
    error_reporting(E_ALL);
    ini_set('display_errors',1);// at top of page

    if(isset($_POST['txtCarModel']) && isset($_POST['txtCarType']) && 
    isset($_POST['txtCapacity']) && isset($_POST['txtImage'])){


    $Car_Model = $_POST['txtCarModel'];
    $Car_Type = $_POST['txtCarType'];
    $Capacity = $_POST['txtCapacity'];
    $Image = $_POST['txtImage'];

           $stmt = $conn->prepare("INSERT INTO car_category (Car_Model, Car_Type, Capacity, Image) VALUES (?, ?, ?,?)");
           $query = "INSERT INTO car_category(Car_Model, Car_Type, Capacity, Image) 
    VALUES ('$Car_Model', '$Car_Type', $Capacity, '$Image')"; 

        $stmt->bind_param("ssss", $Car_Model, $Car_Type, $Capacity,$Image);
        $result = $stmt->execute();
    if($result === false ) {
      die('execute() failed: ' . htmlspecialchars($stmt->error));
    }else{
    echo "New records created successfully";
    }
    $stmt->close();
    $conn->close();

        }

    ?>

答案 1 :(得分:0)

if($result == 0){

这意味着当mysqli_query()无法执行查询时,请执行以下代码。

文档说:

  

失败时返回FALSE。对于成功的SELECT,SHOW,DESCRIBE或EXPLAIN查询,mysqli_query()将返回一个mysqli_result对象。对于其他成功的查询,mysqli_query()将返回TRUE。

由于您正在使用INSERT语句,因此需要true或false。看看else代码,很可能就是它之所以说出“#something; Something Error&#34;你应该将它与$result === true

进行比较

其次,您的代码容易受到SQL注入攻击。在prepare之前了解如何executing语句。

相关问题
最新问题