doujiushi9007 2018-04-18 00:41
浏览 95

问题是让mysqli_query执行

I have written the following function in PHP that has a mysqli_query in it that runs without any errors or exceptions. However, the INSERT INTO statement or $insert variable doesn't seem to be working as expected and I can't figure it out. I realize that posting only a portion of the code might make it difficult to ascertain why it is not working, but I am really looking for confirmation that there are no errors in this function.

Do I need to utilize mysqli_real_escape_string for every url provided? I tried altering $website to $_website to account for this, but it returned nothing.

Just really trying to figure out if there's anything I'm doing wrong here that's prevent the SQL query to work. It returns no error which is making it hard to debug. Thanks in advance!

$jp = mysqli_connect("localhost", "myuser", "password", "mydatabase");

if (!$jp) {
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
}



function create_distributor( $new_user_id ) {
  $errors = new WP_Error();
  $error=false;
  $errorMsg='';
  $logo=true;
  $name=addslashes(htmlentities($_REQUEST['name']));
  $contact=addslashes(htmlentities($_REQUEST['contact_info']));
  $user_info = get_userdata( $new_user_id );

  $website = $_POST['website'];
  if (stripos($website, "http://") !== 0)   //doesn't start with http:// ? , then add it
      $website = "http://" . $website; 
  // $_website = mysqli_real_escape_string($jp, $website); // THIS DOESNT RETURN ANYTHING
  $subdir = $user_info->user_nicename; // use nicename because user_login is obfuscated as unverified
  $distribpath = 'http://ghq.com/dhdq/'.$subdir;
  $ga_code = 'UA-15331916-1'; //default GA code
  $logo = 'http://ghq.com/wp-content/themes/CAG/img/ghlogo.jpg'; //default png logo

  if(!isset($_REQUEST['name']) || $_REQUEST['name']=='')
  {
    $error=true;
    $errors->add('Distributor Name is required', __('<strong>ERROR</strong>:Distrubutor\'s name was not provided.'));
  }
  if($error)
  {
    return($errorMsg);
  }


  $insert="INSERT INTO distributor (id, name, contact, logo, path, subdir, website, ga_code) VALUES ('".$new_user_id."','".$name."','".$contact."','".$logo."','".$distribpath."','".$subdir."','".$website."','".$ga_code."')";
//   var_dump($insert); 

        // The var_dump print out above is the following SQL Command which if copied and pasted 
    in phpmyadmin works fine: string(252) "INSERT INTO distributor (id, name, contact, 
logo, path, subdir, website, ga_code) VALUES ('1748','test24','','http://ghq.com/wp-content/themes/CAG/img/ghlogo.jpg',
                'http://ghq.com/dhdq/test24','test24','','UA-15331916-1')"




  mysqli_query($jp, $insert);
  if ( false===$insert ) {
  printf("error: %s
", mysqli_error($jp));
}
  else {
    echo 'done.';
  }
  if($error)
  {
    return $errors;
  }
  else
  {
    return($id);
  }
}
  • 写回答

1条回答 默认 最新

  • dongshen6060 2018-04-18 00:57
    关注

    The problem I can see straight off is you are checking your sql variable instead of the query result.

    mysqli_query($jp, $insert);
if ( false===$insert ) {
  printf("error: %s
", mysqli_error($jp));
}
  else {
    echo 'done.';
}

    Try changing it to:

    $result = mysqli_query($jp, $insert);
if (!$result) {
  printf("error: %s
", mysqli_error($jp));
}else {
    echo 'done.';
}

    Also whats $jp? it doesn't look like you have assigned it anything. Make sure this is the variable that has your mysqli_connect on it. With your question regarding mysqli_real_escape_string, you should really be utilizing mysqli prepared statements as well. All user input should be sanitized.

    评论

报告相同问题?

悬赏问题

  • ¥15 vue3加ant-design-vue无法渲染出页面
  • ¥15 matlab(相关搜索:紧聚焦)
  • ¥15 基于51单片机的厨房煤气泄露检测报警系统设计
  • ¥15 路易威登官网 里边的参数逆向
  • ¥15 Arduino无法同时连接多个hx711模块,如何解决?
  • ¥50 需求一个up主付费课程
  • ¥20 模型在y分布之外的数据上预测能力不好如何解决
  • ¥15 processing提取音乐节奏
  • ¥15 gg加速器加速游戏时,提示不是x86架构
  • ¥15 python按要求编写程序