我想尝试获取如果存在playername它应该给出一个消息,名称存在尝试其他playername 如果不存在则应该成功插入db。
if (isset($_POST['save'])) {
$playername = $_POST['playername'];
$messagetosend = $_POST['messagetosend'];
$svar = $_POST['svar'];
$sentmessage = $_POST['sentmessage'];
$datum = $_POST['datum'];
mysqli_query($db, "INSERT INTO rekrytering (playername, messagetosend, svar, sentmessage, datum) VALUES ('$playername', '$messagetosend', '$svar', '$sentmessage', '$datum')");
$_SESSION['message'] = "Player saved";
$_SESSION['playername'] = "Player Name Exist";
header('location: index.php');
}
提前致谢
答案 0 :(得分:-1)
要显示INSERT查询的结果,您需要使用mysqli_error:
变化:
mysqli_query($db, "INSERT INTO rekrytering (playername, messagetosend, svar, sentmessage, datum) VALUES ('$playername', '$messagetosend', '$svar', '$sentmessage', '$datum')");
要:
mysqli_query($db, "INSERT INTO rekrytering (playername, messagetosend, svar, sentmessage, datum) VALUES ('$playername', '$messagetosend', '$svar', '$sentmessage', '$datum')") or die(mysqli_error($db));
另一种做同样的方法如下 -
if(!mysqli_query($db,"INSERT INTO rekrytering (playername, messagetosend, svar, sentmessage, datum) VALUES ('$playername', '$messagetosend', '$svar', '$sentmessage', '$datum')")) {
echo("Error occurred: " . mysqli_error($db));
}
所有这一切,您的代码很容易受到SQL注入的影响,因为您在$_POST语句中直接使用INSERT值。
我强烈建议您使用prepared statements来防止SQL注入漏洞等。
必读之一是:Bobby Tables: A guide to preventing SQL injection (PHP)