donglizuo8892 2017-01-09 06:26 采纳率: 0%
浏览 93

INSERT数据已成功,但未显示任何数据

I have yet to find the mistake i make in my coding. I try inserting a data and the code shows no error and when i want to view data it display a blank data like this for example. How do I fix this?

<?php
$connect = mysql_connect('localhost','root','');
$database = mysql_select_db('songdb');

$title = $_POST['title'];
$artist = $_POST['artist'];
$genre = $_POST['genre'];
$language = $_POST['language'];
$lyrics = $_POST['lyrics'];

$insert = "INSERT INTO `songs`(`title`,`artist`,`genre`,`language`,`lyrics`) VALUES('$title','$artist','$genre','$language','$lyrics')";

if(!mysql_query($insert)) {
    echo "Error." .mysql_error();
} else {
    header("Location: insert.php?msg=1");
}
?>
  • 写回答

1条回答 默认 最新

  • dongle0396 2017-01-09 06:30
    关注

    First of all you have to use mysqli extension. Because mysql extension is deprecated and then you have to use prepared statements for preventing from sql injection.

     $connect = mysqli_connect('localhost','root','');
 mysqli_select_db($connect,'songdb');


    $title = $_POST['title'];
    $artist = $_POST['artist'];
    $genre = $_POST['genre'];
    $language = $_POST['language'];
    $lyrics = $_POST['lyrics'];

    //Preapared statement for inserting
    $insert = mysqli_prepare("INSERT INTO songs(title,artist,genre,language,lyrics) VALUES(?,?,?,?,?)");
    mysqli_stmt_bind_param($insert,'sssss', $title,$artist,$genre,$language,$lyrics);

if(!mysqli_stmt_execute($insert)){
echo "Error." .mysqli_error();
}
else { header("Location: insert.php?msg=1"); } ?>

    For more see here http://php.net/manual/en/mysqli.prepare.php

    评论

报告相同问题?