当前位置: 文江博客话题详情

我的 MySQL 查询不起作用,没有任何内容进入数据库

发布于 2024-12-09 14:15:39 字数 540 浏览 1 评论 0原文

我试图将一篇文章放入数据库,但失败了:

$con = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("easy_db",$con);
mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES($title, $data, $topic, $author)");

mysql_close();

我检查了拼写并打印了从 post-http 获得的所有变量($title、$data、$topic、$author)

。使用该语句插入数据库。为什么?

更新

我也遇到了这个错误:

= mysql_query("SELECT page FROM `easy_db`.`article` ORDER BY article_id DESC LIMIT 1")  or die(mysql_error());
原文

I am trying to put a single article to the database, but fail:

$con = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("easy_db",$con);
mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES($title, $data, $topic, $author)");

mysql_close();

I checked the spelling and printed all the variables ($title, $data, $topic, $author), that I got from the post-http..

Nothing is being inserted to the database with that statement. Why?

UPDATED

I have got an error in this one too:

= mysql_query("SELECT page FROM `easy_db`.`article` ORDER BY article_id DESC LIMIT 1")  or die(mysql_error());

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

何处潇湘 2024-12-16 14:15:39

在查询后使用错误检查语句,这样您就知道出了什么问题。另外,请注意 SQL 注入,并在值两边加上单引号:

 $con=mysql_connect("localhost","root","") or trigger_error(mysql_error());
    mysql_select_db("easy_db",$con);
    $title = mysql_real_escape_string($title);
    $article = mysql_real_escape_String($article);
    $topic = mysql_real_escape_string($topic);
    $author = mysql_real_escape_string($author);
    mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author)
                 VALUES('".$title."', '".$data."', '".$topic."', '".$author."')") 
                 or die ('Error: '.mysql_error());


   // mysql_close();  this is not necessary, though

Use an error checking statement after your query, so you know what's going wrong. Also, beware of SQL INJECTION, and put single quotes around your values:

 $con=mysql_connect("localhost","root","") or trigger_error(mysql_error());
    mysql_select_db("easy_db",$con);
    $title = mysql_real_escape_string($title);
    $article = mysql_real_escape_String($article);
    $topic = mysql_real_escape_string($topic);
    $author = mysql_real_escape_string($author);
    mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author)
                 VALUES('".$title."', '".$data."', '".$topic."', '".$author."')") 
                 or die ('Error: '.mysql_error());


   // mysql_close();  this is not necessary, though
回复 原文
落墨 2024-12-16 14:15:39

请替换

mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES($title, $data, $topic, $author)");


mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES($title, $data, $topic, $author)") or die(mysql_error();

并重试。如果有错误,请告诉我们。确保你的变量是从哪里得到的。

您应该使用全局变量 $_POST$_GET

Please replace

mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES($title, $data, $topic, $author)");

with

mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES($title, $data, $topic, $author)") or die(mysql_error();

And try again. If there is an error, tell us. Be sure that you of your variable where you got it.

You should use the global variables $_POST and $_GET.

回复 原文
皇甫轩 2024-12-16 14:15:39

由于这个问题与其他问题的数千个问题完全相同(但从未被关闭),因此我将指出一件有些不同的事情。

似乎世界上每个人都在将 SQL 错误写入浏览器,甚至在执行过程中终止脚本。给用户留下加密消息且没有任何控制,但却为潜在的攻击者提供了非常有用的信息。同时让程序员完全不知道网站上发生的错误。有趣,嗯?

一般来说,这是 PHP 语言的阴暗面,它遭受着遍布世界各地的可怕代码示例,也是 Stack Overflow 网站的一个不好的一面,因为它在传播这些不良做法、错误代码、荒谬的内容中发挥了巨大作用。习惯和奇怪的迷信。

因为答案的质量永远不会影响其代表点。所以,一个人可以写任何废话,它都会被点赞、接受和进一步复制。

所以,如果你想让你的代码变得更好一点——永远不要使用 die()。如果运行查询,请使用 trigger_error() 代替,它将根据当前 PHP 设置填充错误信息:在测试服务器上,它将显示在屏幕上,但在实时服务器上,它将被记录下来网站程序员。它不会杀死你的脚本。

As this question is an exact duplicate of thousands already answered others (but never be closed though), I am going to point out to one somewhat different thing.

It seems everyone in the world are writing SQL errors into the browser and even killing their scripts in the middle of execution. Leaving the user with a cyphered message and no controls, yet providing a potential attacker with quite useful information. And at the same time leaving programmer totally ignorant of the errors occurred on the site. Funny, eh?

That's the dark side of PHP language in general, which suffer from terrible code examples spread over the world and is a bad side of this site of Stack Overflow as well, as it takes huge part in spreading these bad practices, wrong code, ridiculous habits and weird superstitions.

Because answer quality will never affect its rep points. So, one can write any nonsense and it will be upvoted, accepted, and copied further.

So, if you want to make your code a little better - never use die(). In case of running queries use trigger_error() instead, it will populate the error information according to current PHP settings: on a test server it will go onto screeen, but on a live server it will be logged for the site programmer. And it won't kill your script.

回复 原文
吝吻 2024-12-16 14:15:39

您的 VALUES('val1', 'val2'...) 变量周围没有单引号::

mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES('$title', '$data', '$topic', '$author')");

您应该检查查询是否成功,例如:

$result =  mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES('$title', '$data', '$topic', '$author')");
if (!$result) {
  echo mysql_error(); // find out what went wrong...
}

我们看不到您的其余部分代码,但请确保您还使用 mysql_real_escape_string() 清理了 $_POST 中的所有输入变量:

$title = mysql_real_escape_string($_POST['title']);
// etc...

You have no single-quotes around your VALUES('val1', 'val2'...) variables::

mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES('$title', '$data', '$topic', '$author')");

You should check the success of the query like:

$result =  mysql_query("INSERT INTO easy_db.article (Title, Article, Topics, author) VALUES('$title', '$data', '$topic', '$author')");
if (!$result) {
  echo mysql_error(); // find out what went wrong...
}

We don't see the rest of your code, but please be sure you have also sanitized all your input variables from $_POST using mysql_real_escape_string():

$title = mysql_real_escape_string($_POST['title']);
// etc...
回复 原文
半衾梦 2024-12-16 14:15:39

您很可能忘记引用插入的数据。查询应该看起来更像:

INSERT ... VALUES ('$title', '$data', '$topic', '$author')

你的代码应该是:

$result = mysql_query(...) or die(mysql_error());

如果你包含了“or die()”部分,你会从 mysql 得到一个语法错误,告诉你查询失败的原因。运行查询后不检查错误条件几乎从来都不是一个好主意。即使 SQL 在语法上是完美的,仍有太多其他原因导致查询无法进行 NOT 检查。

Most likely you've forgotten to quote your inserted data. The query should look more like:

INSERT ... VALUES ('$title', '$data', '$topic', '$author')

and your code should be:

$result = mysql_query(...) or die(mysql_error());

Had you had the 'or die()' portion included, you'd get a syntax error from mysql telling you why the query failed. It is almost never a good idea to NOT check for error conditions after running a query. Even if the SQL is syntactically perfect, there's far too many other reasons for a query to fail to NOT check.

回复 原文
~没有更多了~

关于作者

请远离我

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文