我努力调试以下insert.php文件。运行此命令和关联的webform文件inwamp服务器时没有错误,但它不会将数据读取到数据库。有人可以对此发表评论吗?
?php
if (isset($_POST['submit'])) {
//Connect to the database
$host="localhost";
$user="root";
$password="";
$dbc=mysql_connect($host,$user,$password) or die("Connection Error");
$db_name="userregistration";
mysql_select_db("$db_name") or die ("Could not select database");
//Reading data from form and writing to the DB
$fname = $_POST['fname'];
$institution = $_POST['institute'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$pgm = $_POST['pgm'];
$address = $_POST['address'];
//Examining for input errors
$error = FALSE;
if (isset($address)) {
$address = trim($address);
$address = strip_tags($address);
}
if (isset($fname) &&
isset($institute) &&
isset($email) &&
isset($phone) &&
isset($pgm) &&
isset($address) &&
$error == FALSE) {
$process = TRUE;
} else {
$process = FALSE;
}
//Writing the multiple answers for user selected programs
while ((list($key,$val) = each($pgm))) {
$pgm .= "[" . $val . "]";
}
//Creating the table
$query = "create table userdata
( sid int unsigned not null auto_increment primary key,
fname char(50) not null,
institute char(50) not null,
email char(50) not null,
phone int unsigned,
pgm text not null,
address char(200) not null)";
$q = mysql_query($query);
//Inserting the data
$query = "insert into userdata values ('','$fname','$institute','$email','$phone','$pgm','$address')";
$q = mysql_query($query);
//Check whether data was properly inserted
if (!$q) {
exit("<p>MySQL Insertion failure.</p>");
} else {
mysql_close();
echo "<p>MySQL Insertion Successful</p>";
}
}
?>
有人可以对此发表评论吗?
答案 0 :(得分:1)
尝试添加
or die(mysql_error());
在你的mysql_query($ query)之后。如果失败肯定会出现错误......
答案 1 :(得分:1)
你是否试图回应$ q?它应该在尝试添加到数据库时确切地说出错误。
答案 2 :(得分:1)
//Check whether data was properly inserted
if (!$q) {
die(mysql_error());
exit();
} else {
mysql_close();
echo "<p>MySQL Insertion Successful</p>";
}
答案 3 :(得分:0)
我最好的猜测是该表已经存在,所以当用户提交表单时,您的代码再次尝试创建已经存在的表'userdata',然后就死了。
您应该从代码中删除create语句,因为在每次提交时,它都会尝试创建一个已存在的表。在传递给SQL语句之前,您还应该考虑转义基于数据的数据,因为您现在只是要求SQL注入攻击。