PHP PDO-将数据插入数据库时​​出错

Question

我正在尝试将数据插入数据库，但由于某种原因，代码无效。这是我正在使用的形式。

<form id="registration" method="post" action="index.php" style="display: none;">
                <label for="username" class="username">
                    Username
                </label>    
                <input type="text" name="r-username" id="r-username" placeholder="Username" required/>
                <label for="password">
                    Password
                </label>    
                <input type="password" name="password" id="password" placeholder="Password" required/>
                <label for="check_password" class="check_password">
                    Password Check
                </label>    
                <input type="password" name="check-password" id="check_password" placeholder="Password again" required/>
                <label for="e-mail">
                    E-mail
                </label>    
                <input type="email" name="e-mail" id="e-mail" placeholder="E-mail" required/>
                <label for="check-e-mail" class="check_email">
                    E-mail Check
                </label>    
                <input type="email" name="check-e-mail" id="check-e-mail" placeholder="E-mail again" required/>
                <input type="submit" name="submit" class="submit" value="Register"/> 
            </form>

这是PHP代码：

if(isset($_POST['r-username']))
                {
                    $name=$_POST['r-username'];
                    $pass=$_POST['password'];
                    $passcheck=$_POST['check-password'];
                    $mail=$_POST['e-mail'];
                    $mailcheck=$_POST['check-e-mail'];
                    if($name==''||$pass==''||$passcheck==''||$mail==''||$mailcheck=='')
                    {
                        echo "<script type='text/javascript'>alert('Field must be filled.');</script>";
                    }
                    elseif(strlen($pass)<=6) 
                    {
                        echo "<script type='text/javascript'>alert('Password is too short.');</script>";
                    }
                    elseif(strlen($pass)>=20) 
                    {
                        echo "<script type='text/javascript'>alert('Password is too long.');</script>";
                    }
                    elseif($pass!==$passcheck) 
                    {
                        echo "<script type='text/javascript'>alert('Passwords must be same.');</script>";
                    }
                    elseif($mail!==$mailcheck) 
                    {
                        echo "<script type='text/javascript'>alert('Emails must be same.');</script>";
                    }
                    else
                    {
                        $sql5='INSERT INTO user(user_name,password,joined,user_email) VALUES(:username,:password,Now(),:email)';
                        $query1=$db->prepare($sql5);
                        $result=$query1->execute(array( ":username" => $name, 
                                                        ":password" => $pass, 
                                                        ":email" => $mail
                                                      ));
                        if($result)
                        {
                            echo "<script type='text/javascript'>alert('Inserted.');</script>";
                        }
                        else
                        {
                            echo "<script type='text/javascript'>alert('ERROR.');</script>";
                        }
                    }
                }

代码运行但id不做任何事情。它只是重新加载页面回声消息ERROR并且没有数据插入数据库。对不起，我的英文不好，感谢可能的答案：）。

Answer 1

您应该使用：

    $sql5 = mysql_query("INSERT INTO `[database_name]`.`[table_name]` (user_name,password,joined,user_email) VALUES('$name','$pass','Date()','$mail');)";

你也应该通过使用这种类型的代码来获取变量，因为人们可以在你的表单中键入html代码，所以当你试图获取它时它将执行该代码。但是如果你使用这个方法所有的html标签，如＆lt; html＆gt ;将被翻译。你可以在其上看到更多here。 这是代码。

    $name = stripslashes(mysql_real_escape_string(htmlentities($_POST['r-username'])));

再见，Marko。