/*php file*/
<?php
require("DBinfo.inc");
$query= "insert into login (first_name,email,password,picture_path) values ('" . $_GET['first_name'] . "'," . $_GET['email'] . "'," . $_GET['password'] . "'," . $_GET['picture_path'] . "')";
$result = mysqli_query($connect,$query);
if (!$result){
$output="{'msg':'fail'}";
}else{
$output="{'msg':'user is added'}";
}
print($output);
mysqli_close($connect);
?>
/*DBinfo.inc*/
<?php
$host="localhost";
$user="root";
$password="root";
$database ="twitter";
$connect = mysqli_connect($host, $user, $password, $database);
if(mysqli_connect_errno()){
die("Cannot connect to database". mysqli_connect_error());
}
?>
OUTPUT:
{'msg':'fail'}
mysqli正在连接数据库,但未存储数据
我正在使用自己的计算机作为服务器,并运行以下行来执行上述文件:
http://localhost:90/Register.php?first_name=adi&email=a@yagoo.com&password=12345&picture_path=home/u.png
任何人都可以告诉我这是什么错误吗
答案 0 :(得分:1)
设置值时,SQL中缺少'。
更改
$query= "insert into login (first_name,email,password,picture_path) values ('" . $_GET['first_name'] . "'," . $_GET['email'] . "'," . $_GET['password'] . "'," . $_GET['picture_path'] . "')";
到
$query= "insert into login (first_name,email,password,picture_path) values ('" . $_GET['first_name'] . "','" . $_GET['email'] . "','" . $_GET['password'] . "','" . $_GET['picture_path'] . "')";
实际上,您最好使用 Prepared Statements 来设置参数,以避免 Sql Injection