sql查询未运行
问题描述:
<?php
include"connect.php";
$name = $_REQUEST['name'];
$address = $_REQUEST['address'];
$password = $_REQUEST['password'];
$email = $_REQUEST['email'];
$number = $_REQUEST['number'];
$hear = $_REQUEST['hear'];
$money = $_REQUEST['money'];
$artist = $_REQUEST['artist'];
$security = $_REQUEST['security'];
$city = $_REQUEST['city'];
$pro = $_REQUEST['pro'];
$role = $_REQUEST['role'];
$accname = $_REQUEST['accname'];
$accpass = $_REQUEST['accpass'];
$accno = $_REQUEST['accno'];
$seaccname = $_REQUEST['seaccname'];
$seaccpass = $_REQUEST['seaccpass'];
$seaccno = $_REQUEST['seaccno'];
$contracts = $_REQUEST['contracts'];
$statements = $_REQUEST['statements'];
$result = mysqli_query($con, "insert into signup set name='$name',email='$email',password='$password' ,address='$address',cell_phone_number='$number',heard_from='$hear',money_time='$money',fav_artist='$artist',fav_city='$city',security_question='$security',pro='$pro',pro_acc_name='$accname',pro_acc_password='$accpass',pro_acc_number='$accno',se_acc_name='$seaccname',se_acc_pass='$seaccpass',se_ac_number='$seaccno',rec_contract_copy='$contracts',rec_label_copy='$statements',role='$role'");
//$result= mysqli_query($con, "INSERT INTO signup (name, email,password, address,cell_phone_number, heard_from,money_time, fav_artist,fav_city,security_question, pro,pro_acc_name, pro_acc_password,pro_acc_number, se_acc_name,se_acc_pass, se_ac_number,rec_contract_copy, rec_label_copy,role) VALUES ('$name', '$email', '$password', '$address', '$number', '$hear', '$money', '$artist', '$security', '$city', '$pro', '$role', '$accname', '$accpass', '$accno', '$seaccname', '$seaccpass', '$seaccno', '$contracts', '$statements')");
if($result==true)
{
//echo "<script>alert('user successfully added')</script>";
echo "Success";
}
else{
echo "Failed" ;
}
?>
答
它不会运行,因为您的查询错误,您正在使用更新格式的insert语句。
$result= mysqli_query($con, "INSERT INTO signup (name, email,password, address,cell_phone_number, heard_from,money_time, fav_artist,fav_city,security_question, pro,pro_acc_name, pro_acc_password,pro_acc_number, se_acc_name,se_acc_pass, se_ac_number,rec_contract_copy, rec_label_copy,role) VALUES ('$name', '$email', '$password', '$address', '$number', '$hear', '$money', '$artist', '$security', '$city', '$pro', '$role', '$accname', '$accpass', '$accno', '$seaccname', '$seaccpass', '$seaccno', '$contracts', '$statements')");
进一步信息,开始使用预处理语句PDO
答
它看起来OK。问题可能出现在connect.php中,或$ _REQUEST中的名称与发送请求的文件不同。同时检查您要插入的数据库中的属性名称是否与查询中的名称匹配。
然后检查真正的错误。如果你不知道如何,请询问。连接是未知的,如果所有的$ _REQUEST都有价值。 –
mysqli_error($ con)的输出是什么? – LordNeo
您的代码易受[** SQL注入**](https://en.wikipedia.org/wiki/SQL_injection)攻击。您应该通过[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https ://secure.php.net/manual/en/pdo.prepared-statements.php)驱动程序。 [**这篇文章**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)有一些很好的例子。 –