-3

我目前很难理解为什么以下脚本将成功返回给浏览器,但实际上并未将数据插入数据库。我知道我正在使用旧的 MySQL 指令,但我怀疑这应该会造成这个问题。在此先感谢阿利斯泰尔

<?php

ob_start();
$host="localhost"; // Host name 
$username="XXXXXX"; // Mysql username 
$password="XXXXXXXXXXXXXXXXXXX"; // Mysql password 
$db_name="XXXXXXXX"; // Database name 
$tbl_name="XXXXXXXXXX"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define Variables
$myusername=$_POST['username']; 
$password1=$_POST['password1']; 
$password2=$_POST['password2']; 
$emailadd=$_POST['emailadd']; 

if($password1==$password2){
    //Ecnrypt Password Using SHA512
    $password1 = hash("sha512", $password1);
}

else {
    //Passwords don't match return user to form with parameter
    header("location:adduser.php?pwnomatch");
}

//Check user doesn't already exist
$sqlcheckuser="SELECT * FROM $tbl_name WHERE username='$username'";
$result1=mysql_query($sqlcheckuser);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result1);

//If user exists redirect back to login form
if($count==1){
    header("location:adduser.php?userexist");
}

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($myusername);
$password1 = stripslashes($mypassword);
$emailadd = stripslashes($emailladd);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$emailadd = mysql_real_escape_string($emailladd);
$sqlinsertuser="INSERT INTO $tbl_name ('username', 'password', 'emailaddress' VALUES ($username, $password1, $emailadd)";
mysql_query($sqlinsertuser);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result2);

// Register user then redirect to "viewuser.php" with success parameter
header("location:viewuser.php?success");

ob_end_flush();
?>
4

2 回答 2

3
INSERT INTO $tbl_name ('username', 'password', 'emailaddress' VALUES ($username, $password1, $emailadd)

您没有在列名上关闭括号。因此,您的查询应如下所示:

INSERT INTO $tbl_name (`username`, `password`, `emailaddress`) VALUES ($username, $password1, $emailadd)

我在原来的帖子中没有注意到的东西;您使用了引号而不是反引号。

查询中的引号通常代表一个字符串,这里解释了反引号:

在字段名称周围使用反引号

于 2013-03-23T11:44:16.967 回答
1

您的查询字符串中有很多错误。它应该是

$sqlinsertuser="INSERT INTO $tbl_name (`username`, `password`, `emailaddress` )
        VALUES( '$myusername', '$mypassword', '$emailadd' )";

请注意使用反引号而不是撇号来传递字段名称。而引号的用法是在VALUES.


您在查询中使用了错误的变量。

于 2013-03-23T11:47:39.797 回答