-2

当用户在我的网站上注册时,他们需要输入个人详细信息。输入的详细信息将添加到我的数据库中的个人详细信息表中。我有以下代码,但它不起作用,我不知道为什么。任何人都可以帮忙吗?我收到错误:查询为空

    $myusername=$_POST['username'];
    $mypassword=$_SESSION['mypassword'];
    $firstname = $_POST['firstname'];
    $surname = $_POST['surname'];
    $dob = $_POST['dob'];
    $totalwins = $_POST['totalwins'];
    $totalloses = $_POST['totalloses'];
    $email = $_POST['email'];
    $country = $_POST['country'];
    $info = $_POST['info'];

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    $queryreg = mysql_query("

                INSERT INTO $tbl_name VALUES('','','$myusername','$mypassword''$firstname','$surname','$totalwins','$totalloses','$email','$country','$info','$dob' )
        ");

if (!mysql_query($sql))
      {
     die('Error: ' . mysql_error());
      }
      else  {
      echo "<br><br>Your details have been successfully updated. Go back to the                 personal details page to view your updated information.";
    }
4

4 回答 4

2

如果您使用具有自动增量的主字段,则应指定字段名称:

$queryreg = mysql_query("INSERT INTO $tbl_name (field1,field2,field3 ecc) VALUES( ... )");

你的代码也容易被注入,uso PDO

于 2012-05-25T14:58:42.173 回答
0

查询为空,因为您在行中没有为 $sql 分配任何值

if (!mysql_query($sql))

要解决,您必须像这样分配它:

  $sql = "update  $tbl_name set ...";
  if (!mysql_query($sql))
于 2012-05-25T15:02:12.143 回答
0

你的代码有很多东西让我害怕......

更改为以下内容(之后您缺少逗号$mypassword并且$sql设置不正确)。 

$sql = "INSERT INTO $tbl_name ( [list columns here besides autoincrement ] ) 
    VALUES 
    ('', '$myusername', '$mypassword', '$firstname', '$surname', 
    '$totalwins', '$totalloses', '$email', '$country', '$info', '$dob' )");

if (!mysql_query($sql)) {
于 2012-05-25T15:02:18.897 回答
0

首先,您的代码会受到 SQL 注入的影响。请准备好并转义您的帖子数据!这对于防止 SQLinjection 攻击非常重要。请仔细阅读。

然后,由于这个而发生错误

if (!mysql_query($sql))
  {
 die('Error: ' . mysql_error());
  }
  else  {
  echo "<br><br>Your details have been successfully updated. Go back to the                 personal details page to view your updated information.";
}

您似乎没有名为 $sql 的变量,并且您正在执行两个查询!

请执行以下操作并发布您的反馈

$sql = "INSERT INTO $tbl_name VALUES('','','$myusername','$mypassword''$firstname','$surname','$totalwins','$totalloses','$email','$country','$info','$dob' )";

if (!mysql_query($sql))
  {
 die('Error: ' . mysql_error());
  }
  else  {
  echo "<br><br>Your details have been successfully updated. Go back to the                 personal details page to view your updated information.";
}
于 2012-05-25T15:03:31.860 回答