提交时无法在数据库中插入时间戳

I have this form and process page.
On a form page, there are two hidden inputs id and reg_time values set to null at the "end " when executing no problem with id but under the row reg_time I get 0000-00-00 00:00:00 timestamp set in table users. Any suggestions why?

  function post($POST)
 {   
   $POST = array_map('trim', $_POST);
   $hash = "$2y$10$";
   $salt = "nekiludistringzahash22";
   $his = $hash . $salt;
   $POST['pass'] = crypt($_POST['pass'],$his);
   return $POST;  
 }

 $sql = "insert into users values(:" . implode(",:", array_keys(post($_POST))) . ");";




try{
     $db = new PDO('mysql:host=localhost;charset=utf8;dbname=dbname','root','');
     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

 }catch (PDOException $e) 

{

     die("Conn problem " . $e->getMessage());
} 

$reg = $db->prepare($sql);
$reg->execute(post($_POST));

and form

 <form action="exp2.php" method="post">
<input type="hidden" name="id" value="null">

<input type="text"name="uname">
<input type="text"name="pass">
<input type="text"name="name">
<input type="text"name="lname">
<input type="submit">

<input type="hidden" name="reg_time" value = "null">
</form>

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doushe8577 2016-07-17 05:43
关注
Your problem is quite common.

Many learners cannot tell a NULL value from a string that consists of four letters "NULL". While the latter has absolutely no special meaning.

And also there are bad news: HTTP protocol is text-based. Means one cannot send anything but a string using an HTTP method, and thus a NULL value cannot be sent over HTTP POST.

To make this code work, you have to add your NULLs at the server side, just like you are doing it for the password:

function post($POST) { $POST = array_map('trim', $_POST); $hash = "$2y$10$"; $salt = "nekiludistringzahash22"; $his = $hash . $salt; $POST['pass'] = crypt($_POST['pass'],$his); $POST['reg_time'] = NULL; $POST['id'] = NULL; return $POST; }

However, it is not the main problem with your code. The worst news is that your code is severely vulnerable to sql injection, despite the seemingly proper binding.

To make it safe, make your function accept the list of allowed fields, and assign a NULL value to absent ones:

function post($allowed) { $post = array(); foreach ($allowed as $key) { if (isset($_POST[$key])) $post[$key] = trim($_POST[$key]); else $_POST[$key] = NULL; } $hash = "$2y$10$"; $salt = "nekiludistringzahash22"; $his = $hash . $salt; $POST['pass'] = crypt($_POST['pass'],$his); }

And then call it like this:

$post = post(array('id','uname','pass','name','lname','reg_time')); $sql = "insert into users values(:" . implode(",:", array_keys($post)).");"; $reg = $db->prepare($sql); $reg->execute($post);

this way you will have all the field names filtered out.

As a bonus, you'll be able to assign a custom value to your submit button ;)
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

提交时无法在数据库中插入时间戳 php
2016-07-17 05:11

回答 1 已采纳 Your problem is quite common. Many learners cannot tell a NULL value from a string that consists
如何从mySQL数据库中获取时间戳？ mysql php
2019-05-03 12:29

回答 2 已采纳 You are creating a new instance of Post when you do $timepost = new Post(); If you want to read o
Laravel从数据库中获取时间戳 laravel php
2017-09-06 13:11

回答 1 已采纳 the database column is called created_at
如何在php中写入数据,PHP怎么插入数据库
2021-04-13 14:52

砸胡桃的博客 PHP怎么插入数据库导语：PHP这么链接数据库呢？以下的是百分网小编为大家搜集PHP插入数据库的方法，希望对你有所帮助。$ostype=$_POST['ostype'];$uuid=$_POST['uuid'];$nowtime=time();$username='XXXX';$userpass=...
事务中数据库查询的时间戳 database laravel mysql php
2015-07-16 18:59

回答 1 已采纳 The only way I can seeing it working, as it seems mission critical that your data isn't messed up
结果在UNIX时间戳中插入mysql数据库 mysql php
2012-07-30 05:29

回答 6 已采纳 echo $date = preg_replace('/^(\d\d)\/(\d\d)\/(\d{4})$/', '$3-$1-$2', $_POST['date']); I think th
在php中插入的时间戳 mysql php
2012-07-04 01:15

回答 3 已采纳 The call to NOW() should not be inside quotes, but the arguments that follow it should be quoted.
PHP将时间戳插入MySQL数据库的问题
2023-09-22 20:29

PeGroovy的博客首先，我们需要创建一个MySQL数据库和相应的数据表来存储时间戳。假设我们已经创建了一个名为"mydatabase"的数据库，并在其中创建了一个名为"timestamps"的数据表。...现在，我们可以使用PHP将时间戳插入到数据库中。
将时间戳插入数据库，格式为：1311602030 database php
2016-12-28 13:24

回答 1 已采纳 Assuming you are using MySQL, what you are looking for is UNIX_TIMESTAMP: INSERT INTO my_table (t
PHP我需要在php日期函数中执行此时间戳 php
2019-04-04 05:52

回答 2 已采纳 A look into the docu helps: https://www.php.net/manual/en/function.date.php And the solution is:
用于在PHP中存储时间戳的数据库结构 mysql php
2013-06-14 04:53

回答 2 已采纳 table --------------------------------------------- user_id(referenced by id) | login_date (datet
php链接中加入时间戳,需要在每个连接的PHP / MySQL中使用UTC时间戳转换
2021-04-17 03:22

weixin_39612733的博客我想独立于服务器上配置的时区,因此在脚本中我将时区设置为：mysql_...服务器当前配置为Europe / Moscow,当前为UTC 4然后在PHP网站中,从数据库中选择如下内容：date_default_timezone_set('Europe/Berlin');$sth = $...
PHP数据库时间戳格式 html php
2015-02-01 23:44

回答 1 已采纳 try this: echo "<a class='article-autor'>geschrieben von $row[AUTOR] am"."$d->format('j.
SQL Server时间戳功能与用法详解
2020-12-15 19:05

每个数据库都有一个计数器，当对数据库中包含 timestamp 列的表执行插入或更新操作时，该计数器值就会增加。该计数器是数据库时间戳。这可以跟踪数据库内的相对时间，而不是时钟相关联的实际时间。一个表只能有一个...
php 时间戳查询数据库,PHP可以安全地使用unix时间戳来查询mysql数据库吗？
2021-04-18 12:13

初見目的博客假设：用户正在将记录插入数据库为该记录生成插入日期的Unix时间戳现在，用户希望查询数据库中的日期间隔：用户在其本地时区中提供2个日期使用这些值将时区转换为UTC并获取时间戳根据转换后的2个整数查询数据库中的...
没有解决我的问题, 去提问

悬赏问题

¥15 安卓adb backup备份应用数据失败
¥15 eclipse运行项目时遇到的问题
¥15 关于#c##的问题：最近需要用CAT工具Trados进行一些开发
¥15 南大pa1 小游戏没有界面，并且报了如下错误，尝试过换显卡驱动，但是好像不行
¥15 没有证书，nginx怎么反向代理到只能接受https的公网网站
¥50 成都蓉城足球俱乐部小程序抢票
¥15 yolov7训练自己的数据集
¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)（相关搜索：51单片机|单片机|测试代码）
¥15 电力市场出清matlab yalmip kkt 双层优化问题
¥30 ros小车路径规划实现不了，如何解决？(操作系统-ubuntu)

提交时无法在数据库中插入时间戳

1条回答 默认 最新

悬赏问题

1条回答默认最新