here is the code that creates a simple profile of a user with list of posts :
这是用于创建具有帖子列表的用户的简单配置文件的代码:
<html>
<head>
<title>Welcome ! </title>
</head>
<body>
<?php
$dbcon = mysql_connect('localhost','user','password');
if(!$dbcon)
{
die('<p>'.'Unable to connect to database server'.mysql_error().'</p>');
}
?>
<?php
//select the database
mysql_select_db("rough_site",$dbcon);
//add the user
$user_name = mysql_real_escape_string($_POST['user_name'];
$user_password =mysql_real_escape_string($_POST['user_password'];
$user_mail=mysql_real_escape_string($_POST['user_mail'];
$adduser= "INSERT INTO user (user_name, user_password, user_mail) VALUES ($user_name,
$user_password, $user_mail)";
$confirmUser = mysql_query($adduser);
if(!$confirmUser)
{
die("Sorry , but you could not be added as a member of this site . ");
}
?>
<p align="center" ><h2><em>Latest posts by you </em></h2></p><br/>
<?php
// show the latest posts by this user
$user_name = $_POST['user_name'];
$latestposts = "SELECT post_id , post_title from posts ,users where
posts.user_name=users.$user_name " ;
$showlatestposts= mysql_query($latestposts);
?>
<blockquote>
<?php
while($row=mysql_fetch_array($showlatestposts) )
{
echo '<p>'. '<a href = "showpost.php?post_id='. $row['post_id'].'">'.
$row['post_title'].'</a></p><br/>' ;
}
?>
</blockquote>
</body>
</html>
5 个解决方案
#1
0
To insert value from array with named key to string, and to use '' marks, you must enclose it in {} - http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing (Complex (curly) syntax) So, for example,
要将带有命名键的数组中的值插入到字符串中,并使用''标记,必须将其括在{} - http://www.php.net/manual/en/language.types.string.php#language中。 types.string.parsing(复杂(卷曲)语法)因此,例如,
$adduser= "INSERT INTO users set
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";
must be
一定是
$adduser= "INSERT INTO users set
user_name=\"{$_POST['user_name']}\",
user_password=\"{$_POST['user_password']}\",
user_mail =\"{$_POST['user_mail']}\"";
#2
2
Have you check your log file? Turn error_reporting(E_ALL) or maybe adding die(mysql_error()); in your queries... That might help to know what's wrong!
你检查过你的日志文件了吗?打开error_reporting(E_ALL)或者添加die(mysql_error());在你的查询...这可能有助于知道什么是错的!
And if you do an INSERT INTO
如果你做INSERT INTO
It should be
它应该是
INSERT INTO users VALUES (....) and not SET
INSERT INTO用户VALUES(....)而不是SET
SET is for an update
SET用于更新
#3
1
Your INSERT query isnt in the correct syntax, and then you call the die() function, which would in turn result in a blank page.
您的INSERT查询不是正确的语法,然后您调用die()函数,这将导致一个空白页。
Fix the query and you should be good.
修复查询,你应该很好。
Update and the cause of your problem:
You have:
你有:
$user_name = mysql_real_escape_string($_POST['user_name'];
$user_password =mysql_real_escape_string($_POST['user_password'];
$user_mail=mysql_real_escape_string($_POST['user_mail'];
And should be:
应该是:
$user_name = mysql_real_escape_string($_POST['user_name']);
$user_password =mysql_real_escape_string($_POST['user_password']);
$user_mail=mysql_real_escape_string($_POST['user_mail']);
You're not closing the function with the parentheses
你没有用括号关闭函数
#4
0
Put this at the top of your file:
把它放在你文件的顶部:
<?php
error_reporting(E_ALL);
ini_set('display_errors','On');
?>
I'm guessing that there's an error that you're not being told about, this will enable error reporting.
我猜你有一个错误,你没有被告知,这将启用错误报告。
#5
0
in the browser if you go "view source" you might see the error text, it could be hidden from normal view due to invalid html
在浏览器中,如果你进入“查看源代码”,你可能会看到错误文本,由于无效的html,它可能会从普通视图中隐藏
its probably the single quotes in here causing a syntax error.
它可能是这里引用语法错误的单引号。
$adduser= "INSERT INTO users set
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";
try this instead (see the single quotes in the [ ] are removed, because the whole string is quoted it is not required
试试这个(看到[]中的单引号被删除,因为引用的整个字符串不是必需的
$adduser= "INSERT INTO users set
user_name='$_POST[user_name]',
user_password='$_POST[user_password]',
user_mail = '$_POST[user_mail]'";
as others have recommended you should sanitize your sql parms something like this
正如其他人所建议的那样,你应该清理你的sql parms
$user_name = mysql_escape_string($_POST['user_name']);
$user_password = mysql_escape_string($_POST['user_password']);
$user_mail = mysql_escape_string($_POST['user_mail']);
$adduser= "INSERT INTO users set
user_name='$user_name',
user_password='$user_password',
user_mail = '$user_mail'";
#1
0
To insert value from array with named key to string, and to use '' marks, you must enclose it in {} - http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing (Complex (curly) syntax) So, for example,
要将带有命名键的数组中的值插入到字符串中,并使用''标记,必须将其括在{} - http://www.php.net/manual/en/language.types.string.php#language中。 types.string.parsing(复杂(卷曲)语法)因此,例如,
$adduser= "INSERT INTO users set
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";
must be
一定是
$adduser= "INSERT INTO users set
user_name=\"{$_POST['user_name']}\",
user_password=\"{$_POST['user_password']}\",
user_mail =\"{$_POST['user_mail']}\"";
#2
2
Have you check your log file? Turn error_reporting(E_ALL) or maybe adding die(mysql_error()); in your queries... That might help to know what's wrong!
你检查过你的日志文件了吗?打开error_reporting(E_ALL)或者添加die(mysql_error());在你的查询...这可能有助于知道什么是错的!
And if you do an INSERT INTO
如果你做INSERT INTO
It should be
它应该是
INSERT INTO users VALUES (....) and not SET
INSERT INTO用户VALUES(....)而不是SET
SET is for an update
SET用于更新
#3
1
Your INSERT query isnt in the correct syntax, and then you call the die() function, which would in turn result in a blank page.
您的INSERT查询不是正确的语法,然后您调用die()函数,这将导致一个空白页。
Fix the query and you should be good.
修复查询,你应该很好。
Update and the cause of your problem:
You have:
你有:
$user_name = mysql_real_escape_string($_POST['user_name'];
$user_password =mysql_real_escape_string($_POST['user_password'];
$user_mail=mysql_real_escape_string($_POST['user_mail'];
And should be:
应该是:
$user_name = mysql_real_escape_string($_POST['user_name']);
$user_password =mysql_real_escape_string($_POST['user_password']);
$user_mail=mysql_real_escape_string($_POST['user_mail']);
You're not closing the function with the parentheses
你没有用括号关闭函数
#4
0
Put this at the top of your file:
把它放在你文件的顶部:
<?php
error_reporting(E_ALL);
ini_set('display_errors','On');
?>
I'm guessing that there's an error that you're not being told about, this will enable error reporting.
我猜你有一个错误,你没有被告知,这将启用错误报告。
#5
0
in the browser if you go "view source" you might see the error text, it could be hidden from normal view due to invalid html
在浏览器中,如果你进入“查看源代码”,你可能会看到错误文本,由于无效的html,它可能会从普通视图中隐藏
its probably the single quotes in here causing a syntax error.
它可能是这里引用语法错误的单引号。
$adduser= "INSERT INTO users set
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";
try this instead (see the single quotes in the [ ] are removed, because the whole string is quoted it is not required
试试这个(看到[]中的单引号被删除,因为引用的整个字符串不是必需的
$adduser= "INSERT INTO users set
user_name='$_POST[user_name]',
user_password='$_POST[user_password]',
user_mail = '$_POST[user_mail]'";
as others have recommended you should sanitize your sql parms something like this
正如其他人所建议的那样,你应该清理你的sql parms
$user_name = mysql_escape_string($_POST['user_name']);
$user_password = mysql_escape_string($_POST['user_password']);
$user_mail = mysql_escape_string($_POST['user_mail']);
$adduser= "INSERT INTO users set
user_name='$user_name',
user_password='$user_password',
user_mail = '$user_mail'";