我试图将数据从简单的寄存器形式插入到MySQL中。我在Amazon AWS RDS上托管了我的数据库,使用DBeaver进行编辑。当我运行代码时,我得到以下
affected_rows&#34。数据插入数据库。&#34 ;; } else {echo" An 错误已经发生。没有添加项目。&#34 ;; } $ db-> close(); ?>
我该如何解决这个问题?我的PHP错了吗?我是否可以使用MySQLi感到困惑,我该怎么做?我假设Amazon RDS MySQL兼容。
<?php
// create short variable names
$name=$_POST['name'];
$birthdate=$_POST['birthdate'];
$email=$_POST['email'];
$password=$_POST['password'];
$address=$_POST['address'];
$city+$_POST['city'];
if (!get_magic_quotes_gpc()) {
$name = addcslashes($name);
$birthdate = addslashes($birthdate);
$email = addcslashes($email);
$password = addcslashes($password);
$address = addcslashes($address);
$city = addcslashes($city);
}
$host='xxxxxx'
$user='admin'
$password='xxxxx'
$dbname='users'
@ $db = mysqli_connect($host,$user,$password,$dbname)
if (mysqli_connect_errno()) {
echo 'Error: Could not connect to database. Please try again later.';
exit;
}
// Execute the query
$query = "INSERT INTO vestorinfo (name,birthdate,email,password,address,city)
VALUES ('$_POST[name]','$_POST[birthdate]','$_POST[email]','$_POST[password]','$_POST[address]','$_POST[city]')";
$result = mysqli_query($query)
or die ("Couldn't execute query."};
if ($result) {
echo $db->affected_rows." data inserted into database.";
} else {
echo "An error has occurred. The items were not added.";
}
$db->close();
?>
以下是html页面的表格
<div id="registerform">
<form action="php/registerprocess.php" method="post" class="form-horizontal">
<fieldset>
<!-- Form Name -->
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="name">Name</label>
<div class="col-md-4">
<input id="name" name="name" placeholder="Your name" class="form-control input-md" required="" type="text">
</div>
</div>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="birthdate">Birth Date</label>
<div class="col-md-4">
<input id="birthdate" name="birthdate" placeholder="07/04/1950" class="form-control input-md" required="" type="text">
</div>
</div>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="email">Email</label>
<div class="col-md-4">
<input id="email" name="email" placeholder="" class="form-control input-md" required="" type="text">
</div>
</div>
<!-- Password input-->
<div class="form-group">
<label class="col-md-4 control-label" for="password">Password</label>
<div class="col-md-4">
<input id="password" name="password" placeholder="" class="form-control input-md" required="" type="password">
<span class="help-block">Must be >= 8 characters including at least 1 number</span>
</div>
</div>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="email">Address</label>
<div class="col-md-4">
<input id="address" name="address" placeholder="" class="form-control input-md" required="" type="text">
</div>
</div>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="email">City</label>
<div class="col-md-4">
<input id="city" name="city" placeholder="" class="form-control input-md" required="" type="text">
</div>
</div>
</div>
</fieldset>
答案 0 :(得分:1)
你的代码存在sql注入的风险,你应该使用param绑定而不是var作为$ _POST 无论如何,尊重您的问题是缺少插入值 可能是因为与你以错误方式引用$ _POST索引的事实有关
例如:使用连接,你应该
$query = "INSERT INTO vestorinfo (name,birthdate,email,password,address,city)
VALUES ('" . $_POST['name'] ." , " . $_POST['birthdate'] .", " .
$_POST['email'] . "," . $_POST['password'] . "," .
$_POST['address'] . "," . $_POST['city'] . ")";