0

您好我正在尝试运行多个查询以将某些值插入到某些表和列中。

我目前正在运行此查询,该查询将值插入 ptb_registrations 并且工作正常,但现在我想将其中一些值另外添加到 ptb_users 中,并且我不断收到无法更新数据库错误。

<?php ob_start(); 
// CONNECT TO THE DATABASE
    require('../includes/_config/connection.php');
// LOAD FUNCTIONS
    require('../includes/functions.php');
$username = $_POST['username'];
$password = $_POST['password'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$number = $_POST['number'];
$dob = $_POST['dob'];
$accounttype = $_POST['accounttype'];
$query="INSERT INTO ptb_registrations (id,
username,
password,
firstname,
lastname,
email,
number,
dob,
accounttype,
date_created )
VALUES('NULL',
'".$username."',
'".$password."',
'".$firstname."',
'".$lastname."',
'".$email."',
'".$number."',
'".$dob."',
'".$accounttype."',
now()
)";
mysql_query($query) or dieerr();
function dieerr() {
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<title></title>

<link rel="stylesheet" type="text/css" href="css/style.css" media="all" />


</head>
<body background="../assets/img/form/backdrop.png" style="background-repeat:no-repeat; background-size: 100% 2000px;">

<div id="container">
<h1>REGISTRATION WAS UNSUCCESFULL</h1><br/><br/><br/><br/>
<div class="textarea">
    <h3>Oooops! I tried my hardest to register you onto our system but it looks like one of us has made an error :-( Try and have another go and if there is still a problem then contact one of the Tech Team at <a href=\"mailto:support@playtimeboys.com\">Support@PlaytimeBoys.com</a></h3>
</div>
    <div class="man_reg"><img src="../assets/img/help_support/man.png" alt="" width="210" height="214" /></div></div>
<div id="progress_bar">
    <div id="progress"></div>
    <div id="progress_text">Registration Completed</div>
</div>

<style>
.textarea{
    padding-left:55px;
    padding-right:55px;
    text-align:center;
}
.man_reg{
    margin-top:54px;
    margin-left:450px;
}

</style>    
</body>
</html>';
exit;
}
?>

有人可以告诉我如何添加到我现有的查询中:

$result="INSERT INTO ptb_users (id,
user_id,
firstname )
VALUES('NULL',
'NULL',
'".$firstname."',
'".$lastname."',
'".$email."',
'".$number."',
'".$dob."',
'".$accounttype."',
now()
)";
4

1 回答 1

3

立即 停止使用您的代码。您很容易受到 SQL 注入的攻击。您需要使用绑定参数:

$stmt = mysqli_prepare($link, "INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssd', $code, $language, $official, $percent);

$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;

/* execute prepared statement */
mysqli_stmt_execute($stmt);

请参阅文档

附加查询将以与您之前的语句相同的方式执行。

$query = "INSERT INTO... ";
mysql_query($query) or die(...);
于 2013-03-14T19:31:39.083 回答