Question

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.

Closed 12 years ago.

当用户在我的网站上注册时, 他们必须输入个人细节。输入的细节将被添加到我的 Datbase 的个人细节表格中。我有以下代码, 但是它不起作用, 我无法找到原因。有人能帮忙吗? 我得到错误信息: query was empty

    $myusername=$_POST[ username ];
    $mypassword=$_SESSION[ mypassword ];
    $firstname = $_POST[ firstname ];
    $surname = $_POST[ surname ];
    $dob = $_POST[ dob ];
    $totalwins = $_POST[ totalwins ];
    $totalloses = $_POST[ totalloses ];
    $email = $_POST[ email ];
    $country = $_POST[ country ];
    $info = $_POST[ info ];

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    $queryreg = mysql_query("

                INSERT INTO $tbl_name VALUES(  ,  , $myusername , $mypassword  $firstname , $surname , $totalwins , $totalloses , $email , $country , $info , $dob  )
        ");

if (!mysql_query($sql))
      {
     die( Error:   . mysql_error());
      }
      else  {
      echo "<br><br>Your details have been successfully updated. Go back to the                 personal details page to view your updated information.";
    }

Answer 1

首先, 您会用代码被 SQL 注射。请准备并跳出您的日志数据。这对防止 SQL 输入攻击非常重要。请仔细阅读它。

然后,误差就由此而发生

if (!mysql_query($sql))
  {
 die( Error:   . mysql_error());
  }
  else  {
  echo "<br><br>Your details have been successfully updated. Go back to the                 personal details page to view your updated information.";
}

您似乎没有名为$sql 的变量, 您正在执行两个查询!

请做以下工作并发布反馈

$sql = "INSERT INTO $tbl_name VALUES(  ,  , $myusername , $mypassword  $firstname , $surname , $totalwins , $totalloses , $email , $country , $info , $dob  )";

if (!mysql_query($sql))
  {
 die( Error:   . mysql_error());
  }
  else  {
  echo "<br><br>Your details have been successfully updated. Go back to the                 personal details page to view your updated information.";
}

Answer 2

如果您使用带有自动递增的主要字段, 您应该指定字段名称 :

$queryreg = mysql_query("INSERT INTO $tbl_name (field1,field2,field3 ecc) VALUES( ... )");

还有你的密码是注射用的,我们是PDO

Answer 3

查询为空, 原因是您在行中对 $sql 有任何指定值

if (!mysql_query($sql))

要解决问题,你必须把它分配为:

  $sql = "update  $tbl_name set ...";
  if (!mysql_query($sql))

Answer 4

有很多东西让我害怕你的代码...

更改如下(在 $mypassword 和 $sql 未设置正确之后,您缺少了一个逗号) 。

$sql = "INSERT INTO $tbl_name ( [list columns here besides autoincrement ] ) 
    VALUES 
    (  ,  $myusername ,  $mypassword ,  $firstname ,  $surname , 
     $totalwins ,  $totalloses ,  $email ,  $country ,  $info ,  $dob  )");

if (!mysql_query($sql)) {

友情链接