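Error: INSERT INTO register VALUES (DEFAULT,r, r@d.com, uuu, uuu, uuu, Engineering, 25-34, Male, 111111, Who is your favourite historical person?, uuuu) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@d.com, uuu, uuu, uuu, Engineering, 25-34, Male, 111111, Who is your favourite' at line 1
I am getting this error and cannot resolve it. Thanks.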
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// define variables and set to empty values
$nameErr = $emailErr = $userErr = $passErr = $conErr = $compErr = $jobErr = $ageErr = $genderErr = $zipErr = $securityErr = $ansErr = "";
$name = $email = $username = $password = $confirm = $company = $job_function = $age_group = $gender = $zip_code = $security_question = $security_answer = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["name"])) {
        $nameErr = "Name is required";
    } else {
        // assign first, so the check below runs on the submitted value
        $name = $_POST["name"];
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
            $nameErr = "Only letters and white space allowed";
        }
    }
    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    } else {
        $email = $_POST["email"];
    }
    if (empty($_POST["username"])) {
        $userErr = "username is required";
    } else {
        $username = $_POST["username"];
    }
    if (empty($_POST["password"])) {
        $passErr = "password is required";
    } else {
        $password = $_POST["password"];
    }
    if (empty($_POST["confirm"])) {
        $conErr = "confirm password is required";
    }
    if ($_POST["password"] != $_POST["confirm"]) {
        $conErr = "password mismatch";
    }
    if (empty($_POST["company"])) {
        $compErr = "company is required";
    } else {
        $company = $_POST["company"];
    }
    if ($_POST["job_function"] == "") {
        $jobErr = "job_function is required";
    } else {
        $job_function = $_POST["job_function"];
    }
    if ($_POST["age_group"] == "") {
        $ageErr = "age_group is required";
    } else {
        $age_group = $_POST["age_group"];
    }
    if (empty($_POST["gender"])) {
        $genderErr = "gender is required";
    } else {
        $gender = $_POST["gender"];
    }
    if (empty($_POST["zip_code"])) {
        $zipErr = "zip_code is required";
    } else {
        $zip_code = $_POST["zip_code"];
    }
    if ($_POST["security_question"] == "") {
        $securityErr = "security_question is required";
    } else {
        $security_question = $_POST["security_question"];
    }
    if (empty($_POST["security_answer"])) {
        $ansErr = "security_answer is required";
    } else {
        $security_answer = $_POST["security_answer"];
    }
    // The values are interpolated into the statement unquoted; this is the line that produces the syntax error above
    $sql = "INSERT INTO register VALUES (DEFAULT,$name, $email, $username, $password, $company, $job_function, $age_group, $gender, $zip_code, $security_question, $security_answer)";
    if ($conn->query($sql) === TRUE) {
        header('Location: '.'login.php');
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
    $conn->close();
}
?>
Form
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<h1>Let's Create your account</h1>
<div class="form-group">
<label>Name</label>
<input type="text" class="form-control" name="name" required=""><span class="error"><?php echo $nameErr;?></span>
</div>
<div class="form-group">
<label>Email</label>
<input type="email" class="form-control" name="email" required=""><span class="error"><?php echo $emailErr;?></span>
</div>
<div class="form-group">
<label>Enter Username</label>
<input type="text" class="form-control" name="username" required=""><span class="error"><?php echo $userErr;?></span>
</div>
<div class="form-group">
<label>Create a Password</label>
<input type="password" class="form-control" name="password" required=""><span class="error"><?php echo $passErr;?></span>
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" class="form-control" name="confirm" required=""><span class="error"><?php echo $conErr;?></span>
</div>
<div class="form-group">
<label>Company</label>
<input type="text" class="form-control" name="company" required=""><span class="error"><?php echo $compErr;?></span>
</div>
<div class="form-group">
<label>Job Function</label>
<select class="form-control" name="job_function"><span class="error"><?php echo $jobErr;?></span>
<option selected="" value="">Select Job Function</option>
<option value="Engineering">Engineering</option>
<option value="Business Development / Sales">Business Development / Sales</option>
<option value="Supply Chain / Procurement">Supply Chain / Procurement</option>
<option value="Consultant">Consultant</option>
<option value="Other">Other</option>
</select>
</div>
<div class="form-group">
<label>Age Group</label>
<select class="form-control" name="age_group"><span class="error"><?php echo $ageErr;?></span>
<option selected="" value="">Select Age Group</option>
<option value="18-24">18-24</option>
<option value="25-34">25-34</option>
<option value="35-44">35-44</option>
<option value="45-54">45-54</option>
<option value="55-64">55-64</option>
<option value="65+">65+</option>
</select>
</div>
<div class="form-group">
<label>Gender</label>
<select class="form-control" name="gender"><span class="error" required=""><?php echo $genderErr;?></span>
<option selected="" value="">Select gender</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>
</div>
<div class="form-group">
<label>Zip Code</label>
<input type="text" class="form-control" name="zip_code" required=""><span class="error"><?php echo $zipErr;?></span>
</div>
<div class="form-group">
<label>Set Security Question</label>
<select class="form-control" name="security_question" required=""><span class="error"><?php echo $securityErr;?></span>
<option selected="">Select a security question</option>
<option value="Who was your first boss?">Who was your first boss?</option>
<option value="What is the name of your first pet?">What is the name of your first pet?</option>
<option value="Who was your favourite teacher?">Who was your favourite teacher?</option>
<option value="Who is your favourite historical person?">Who is your favourite historical person?</option>
<option value="What was the name of your primary school?">What was the name of your primary school?</option>
<option value="What is the first foreign country you have travelled to?">What is the first foreign country you have travelled to?</option>
<option value="What was the color and make of your first car?">What was the color and make of your first car?</option>
</select>
<br>
<input type="text" class="form-control" placeholder="Type in your answer" name="security_answer" required=""><span class="error"><?php echo $ansErr;?></span>
</div>
<button type="submit" class="btn btn-default" name="submit">Register</button>
</form>
Answer 0 (score: 3)
Change this:
$sql = "INSERT INTO register VALUES (DEFAULT,$name, $email, $username, $password, $company, $job_function, $age_group, $gender, $zip_code, $security_question, $security_answer)";
to this:
$sql = "INSERT INTO register VALUES (DEFAULT,'".mysqli_real_escape_string($conn,$name)."','".mysqli_real_escape_string($conn,$email)."','".mysqli_real_escape_string($conn,$username)."','".mysqli_real_escape_string($conn,$password)."','".mysqli_real_escape_string($conn,$company)."','".mysqli_real_escape_string($conn,$job_function)."','".mysqli_real_escape_string($conn,$age_group)."','".mysqli_real_escape_string($conn,$gender)."','".mysqli_real_escape_string($conn,$zip_code)."','".mysqli_real_escape_string($conn,$security_question)."', '".mysqli_real_escape_string($conn,$security_answer)."')";
I added quotes and escaped the strings, so the query will not be vulnerable to MySQL injection attacks.
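The same INSERT written as a mysqli prepared statement, as an added example that is not part of the original question or answer. It assumes `$conn` and the validated variables from the question's script; the function name `register_user`, the hashed password column and the `password_verify()` check in login.php are assumptions made for illustration.

```php
<?php
// Added example. Assumes $conn (mysqli) and the validated form variables
// from the question's script already exist.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: inserts one registration row.
function register_user(mysqli $conn, array $f): void
{
    // Placeholders keep the data out of the SQL text, so quotes, '@' or
    // spaces in a value can neither break the syntax nor alter the statement.
    $stmt = $conn->prepare(
        "INSERT INTO register VALUES (DEFAULT, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );

    // Assumption: the password column can hold a hash (e.g. VARCHAR(255))
    // and login.php verifies it with password_verify().
    $hash = password_hash($f['password'], PASSWORD_DEFAULT);

    // Eleven string parameters, in the same column order as the question.
    $stmt->bind_param(
        'sssssssssss',
        $f['name'], $f['email'], $f['username'], $hash, $f['company'],
        $f['job_function'], $f['age_group'], $f['gender'], $f['zip_code'],
        $f['security_question'], $f['security_answer']
    );
    $stmt->execute();
    $stmt->close();
}

try {
    register_user($conn, compact(
        'name', 'email', 'username', 'password', 'company', 'job_function',
        'age_group', 'gender', 'zip_code', 'security_question', 'security_answer'
    ));
    header('Location: login.php');
    exit;
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());  // keep the SQL and DB error server-side
    echo "Registration failed.";  // generic message for the user
}
```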