dqx76962 2014-04-30 03:14
浏览 38
已采纳

数据未插入数据库

So I have my form that sends data to my php file that then enters it into the database. Here's the php backend part 

<?php
 $db = new mysqli('localhost','root','x','app');
 $username = $_POST['username'];

 $db->query("INSERT INTO people (first_name) VALUES ('{$username}'");

?>

But my question is, why isn't username being put into the database?

  • 写回答

1条回答 默认 最新

  • dongshi4589 2014-04-30 03:19
    关注

    You are missing a bracket ) in the following line:

    ("INSERT INTO people (first_name) VALUES ('{$username}' ")
                                                       ^ // <= right there

    change it to:

    ("INSERT INTO people (first_name) VALUES ('{$username}')")

    Yet, as pointed out in comments, you are open to SQL injection when using your present method.

    Here follows an example of a prepared statement:

    <?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$mysqli = @mysqli_connect('localhost', 'xxx', 'xxx', 'my_db');

if (!$mysqli) {
    die('Connect Error: ' . mysqli_connect_error());
}

// $username = $_POST['username'];
$username = mysqli_real_escape_string($mysqli,$_POST['username']);

   $sql = ("INSERT INTO people (first_name) VALUES (?)");

    $stmt = $mysqli->prepare($sql) or die("Failed Execution");
    $stmt->bind_param('s', $username);

    $stmt->execute();
    echo $stmt->error;

echo "SUCCESS";

    exit();

    Plus, using error reporting is important before going live.

    Should you want to get into learning PDO,

    Here are a few tutorials for you to look into:

    Here is a PDO example:

    <?php

    $mysql_hostname = 'xxx';
    $mysql_username = 'xxx';
    $mysql_password = 'xxx';
    $mysql_dbname = 'xxx';

    try{

    $db= new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password); 

$email = $_POST['email'];
$username = $_POST['username'];

$result_set = $db->prepare("INSERT INTO `yourTable` (`email`, `username`) 

 VALUES (:email, :username)");

$result_set->bindParam(1, $email);
$result_set->bindParam(2, $username);

$result_set->execute(array(':email' => $email, ':username' => $username));

    echo "Data successfully written.";

        return $db;
    }catch(PDOException $e){
        echo $e;
        return false;
    }

?>

    PDO error handling links:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥28 微信小程序开发页面布局没问题,真机调试的时候页面布局就乱了
  • ¥15 python的qt5界面
  • ¥15 无线电能传输系统MATLAB仿真问题
  • ¥50 如何用脚本实现输入法的热键设置
  • ¥20 我想使用一些网络协议或者部分协议也行,主要想实现类似于traceroute的一定步长内的路由拓扑功能
  • ¥30 深度学习,前后端连接
  • ¥15 孟德尔随机化结果不一致
  • ¥15 apm2.8飞控罗盘bad health,加速度计校准失败
  • ¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
  • ¥15 谁有desed数据集呀