1

我正在尝试进行一个简单的查询,该查询将使用用户上次登录的时间更新用户数据库。我的 SQL 数据库有几列id | first_name | last_name | username| password | date_created | last_login我要运行的查询是:

$sql="INSERT INTO (CLL_users) SET last_login= $dateCreated WHERE username= $username";
$result=mysql_query($sql);

这是成功验证后加载的页面的整个代码,我确实意识到它是由于 SQL 注入而使用的最糟糕的方法,但是一旦我得到正确的查询,我将为 PDO 准备语句重新编码,这只是我发现的一个例子另一个网站,我正在修改它以添加 last_login 参数。

<?php
session_start();
$host="localhost"; // Host name 
$username="user"; // Mysql username 
$password="XXXXX"; // Mysql password 
$db_name="DB"; // Database name 
$tbl_name="users"; // Table name 
date_default_timezone_set('America/Chicago');
$dateCreated = date('m/d/Y h:i:s a', time());

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

$sql="INSERT INTO (CLL_users) SET last_login= $dateCreated WHERE username= $username";
$result=mysql_query($sql);

if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

<html>
    <head>
        <title> Welcome</title>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
            <LINK href="CLL.css" rel="stylesheet" type="text/css">
    </head>
 <body>
     <?php echo $dateCreated ?>
<p>Login Successful</p>
</body>
</html>
4

5 回答 5

3 
$sql="update CLL_users SET last_login= $dateCreated WHERE username= $username";
$result=mysql_query($sql);
于 2012-11-01T03:51:14.567 回答
2

您需要在 dateCreated 和 username 变量周围加上单引号。

Also, you need to use an update statement to update an existing record rather than doing an insert. If you echo the $sql variable you will see that your insert statement isn't valid and wont work if you try to run it manually on the database.

eg. $sql="UPDATE CLL_users SET last_login='$dateCreated' WHERE username='$username'";

于 2012-11-01T03:47:29.377 回答
2

Well first of all i will suggest to surround you variables with single quotes and next i will suggest you to use the following syntax for your insert. INSERT INTO table (COLUMN1, COLUMN2,COLUMN3) VALUES('value1','value2','value3')

Also replace INSERT INTO for UPDATE if what you want is update the row rather than insert something.

于 2012-11-01T03:50:21.723 回答
2

Cause of error is, you dont have insert query with Set option if you would like to update the table follow this for sql variable 

 $sql = "UPDATE CLL_users SET last_login= '$dateCreated' WHERE username='$username'";

Document For Insert Document for update

于 2012-11-01T03:52:29.270 回答
1

You can't use INSERT to update existing records in the table. Use UPDATE query

$sql="UPDATE CLL_users SET last_login= '$dateCreated' WHERE username= '$username'";
于 2012-11-01T03:48:55.783 回答