当前位置: 文江博客话题详情

发布到数据库

发布于 2024-11-19 15:56:17 字数 1066 浏览 0 评论 0原文

所以我有这样的代码,它接受用户插入的消息/帖子,并将其发布到数据库,然后显示一个单独的页面。我已经让展示公园工作正常,它只是试图插入数据库,这就是问题所在
这段代码...

<?php  
mysql_connect("localhost", "root", "");  
mysql_select_db("test");     
$time = time();  
mysql_query "INSERT INTO threads (title, message, author, dated);" 
VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');      
echo "Thread Posted.<br><a href='Untitled9.php'>Return</a>";  
?>

不会将信息发布到数据库中!

这是为什么?如何解决?

  id      int(11)                          No None AUTO_INCREMENT               
  title   varchar(255)  latin1_swedish_ci  No None                
  message text           latin1_swedish_ci  No None                
  author  varchar(255)   latin1_swedish_ci  No None                
  replies int(11)                           No None                
  posted  varchar(255)   latin1_swedish_ci  No None                
  votes_up int(11)                          No 0                
  votes_down int(11)                        No 0
原文

So i have so code that takes a message/post users insert and its meant to post it to a database and this then displays and a seperate page. Ive got the displaying park working fine its just trying to insert to database which is the problem

This code...

<?php  
mysql_connect("localhost", "root", "");  
mysql_select_db("test");     
$time = time();  
mysql_query "INSERT INTO threads (title, message, author, dated);" 
VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');      
echo "Thread Posted.<br><a href='Untitled9.php'>Return</a>";  
?>

wont post the infomation into the database!

Why is this and how can it be resolved?

  id      int(11)                          No None AUTO_INCREMENT               
  title   varchar(255)  latin1_swedish_ci  No None                
  message text           latin1_swedish_ci  No None                
  author  varchar(255)   latin1_swedish_ci  No None                
  replies int(11)                           No None                
  posted  varchar(255)   latin1_swedish_ci  No None                
  votes_up int(11)                          No 0                
  votes_down int(11)                        No 0

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

哥,最终变帅啦 2024-11-26 15:56:17

更新:

应该发布而不是注明日期。

这是你的问题:

mysql_query "INSERT INTO threads (title, message, author, posted);" 
VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');

将其更改为:

mysql_query("INSERT INTO threads (title, message, author, posted) VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time');");

我看到你也有空值,这让我相信你使用带有自动增量的ID,如果是这种情况,你也需要提供这个。示例:

编辑:此处

mysql_query("INSERT INTO threads (id,title, message, author, posted) VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','$time');");

请注意,直接从发布数据插入值是不安全的,会让您容易受到各种攻击。

Update:

Should be posted not dated.

Heres your problem:

mysql_query "INSERT INTO threads (title, message, author, posted);" 
VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');

Change it to:

mysql_query("INSERT INTO threads (title, message, author, posted) VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time');");

I see you have null values also, this makes me believe your using an ID with an auto increment, if this is the case, you need to supply this also. Example:

Edit: Here

mysql_query("INSERT INTO threads (id,title, message, author, posted) VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','$time');");

Note inserting values straight from post data is unsafe and leaves you open to various attacks.

回复 原文
天涯离梦残月幽梦 2024-11-26 15:56:17

您尝试添加到新行的值多于指定的值。

mysql_query "INSERT INTO threads (title, message, author, dated);"

您要设置 4 个值

VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');

,并且要分配 6 个值。

这是不可能的

同时验证 $_POST 数据 = 阅读此 从不信任用户输入

并阅读手册 PHP & MYSQL

The values you are trying to add to the new row are more that the assigned values .

mysql_query "INSERT INTO threads (title, message, author, dated);"

that are 4 values you want to set

VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');

and you are assigning 6 values.

which is not possible

Also validate $_POST data = read this Never trust user input.

And read the manual PHP & MYSQL

回复 原文
孤凫 2024-11-26 15:56:17

分号正在结束您的 sql 语句。你的询问还没有结束。您仍然需要指定要插入的值。

The semicolon was ending your sql statment. Your query wasn't finished. You still needed to specify the values you wanted to insert.

回复 原文
奢望 2024-11-26 15:56:17
mysql_query "INSERT INTO threads (title, message, author, dated);" 
VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time');

您提前结束了字符串。应该是:

mysql_query("INSERT INTO threads (title, message, author, dated)
  VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time')");

此外,您的代码很可能成为 SQL 注入的目标。您应该使用 MySQLi 类和 PreparedStatement 插入您的帖子。

mysql_query "INSERT INTO threads (title, message, author, dated);" 
VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time');

You ended the String to early. Should be:

mysql_query("INSERT INTO threads (title, message, author, dated)
  VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time')");

Also, your code is very likely to become a target of SQL-Injections. You should use the MySQLi-class and a PreparedStatement to insert your posts.

回复 原文
最近可好 2024-11-26 15:56:17

问题数量:

  1. 如果将 $_POST[] 放入字符串中,则需要将其放在大括号 {$_POST[]} 中,否则 PHP 将无法解析该变量
  2. ,接下来需要引用 $_POST[] 中的变量名称这样 PHP 就不认为它们是常量,所以它们需要像 $_POST['title'] 或 $_POST["title"]
  3. 正如其他人所说,您需要通过过滤发布的变量来防止 SQL 注入。最安全的方法是使用 PDO,我在下面提供了一个示例。你可以在这方面进行改进。
  4. 打开错误报告,以便您可以在调试时看到错误

以下是经过测试的代码:

ini_set('error_reporting', E_ALL | E_STRICT);
ini_set('display_errors', 'On');
$user='root';
$pass='';
$dsn = 'mysql:dbname=test;host=localhost'; //for PDO later

mysql_connect("localhost",$user , $pass);  
mysql_select_db("test");     
$time = time();  
if (isset($_POST) && !empty($_POST))
{
// using braces {}
$sql=<<<SQL
INSERT INTO threads (title, message, author, posted) 
VALUES ('{$_POST['title']}','{$_POST['message']}','{$_POST['author']}','$time')

SQL;

echo "$_POST[title]"."Thread Posted.<br><a href='Untitled9.php'>Return</a>";

// now a PDO version of the same
try {
    $pdo = new PDO($dsn, $user, $pass);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();die;
}

$sth = $pdo->prepare("INSERT ino threads (title, message, author, posted)
                  VALUES (:title,:message,:author,:posted)");
$sth->execute(array(':title' => $_POST['title'],':message' => $_POST['message'], ':author' => $_POST['author'] ,':posted' => $time));
echo "Affected rows=".$sth->rowCount().",we are on line=".__LINE__."<br />";
echo $_POST['title']." Thread Posted.<br><a href='Untitled9.php'>Return</a>";

} // close if $_POST

Number of issues :

  1. if you put $_POST[] inside a string you need to put it in braces {$_POST[]} or PHP will not decipher the variable
  2. next the names of the variables in the $_POST[] need to be quoted so that PHP does not think they are CONSTANTS, so they need to be like $_POST['title'] or $_POST["title"]
  3. As others have said you need to protect against SQL injection by filtering the posted vars. Safest way to do this is to use PDO and I have included an example below. You can improve on this.
  4. turn on error reporting so you can see errors while debugging

Here's tested code:

ini_set('error_reporting', E_ALL | E_STRICT);
ini_set('display_errors', 'On');
$user='root';
$pass='';
$dsn = 'mysql:dbname=test;host=localhost'; //for PDO later

mysql_connect("localhost",$user , $pass);  
mysql_select_db("test");     
$time = time();  
if (isset($_POST) && !empty($_POST))
{
// using braces {}
$sql=<<<SQL
INSERT INTO threads (title, message, author, posted) 
VALUES ('{$_POST['title']}','{$_POST['message']}','{$_POST['author']}','$time')

SQL;

echo "$_POST[title]"."Thread Posted.<br><a href='Untitled9.php'>Return</a>";

// now a PDO version of the same
try {
    $pdo = new PDO($dsn, $user, $pass);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();die;
}

$sth = $pdo->prepare("INSERT ino threads (title, message, author, posted)
                  VALUES (:title,:message,:author,:posted)");
$sth->execute(array(':title' => $_POST['title'],':message' => $_POST['message'], ':author' => $_POST['author'] ,':posted' => $time));
echo "Affected rows=".$sth->rowCount().",we are on line=".__LINE__."<br />";
echo $_POST['title']." Thread Posted.<br><a href='Untitled9.php'>Return</a>";

} // close if $_POST
回复 原文
~没有更多了~

关于作者

美煞众生

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

故笙诉离歌

文章 0 评论 0

qq_swB5Wi

文章 0 评论 0

送你一个梦

文章 0 评论 0

mb_PT8LkUS5

文章 0 评论 0

千仐

文章 0 评论 0

梦里泪两行

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文