About MySQL INSERT INTO

Asked 1 years ago, Updated 1 years ago, 39 views

I'm studying php, MySQL based on a textbook.

If the form information is entered correctly, it will display "1 was inserted" and
The information should be stored in the database, but it will not be processed correctly.

「 It comes with -1 was inserted and -.
データベース It will not be saved in the database.

Could you tell me what caused it?

<html>
<head>
</head>

<body>

<form method="post" action="insert.php">
Name: <input type="text" name="name"/><br/>
Email: <input type="text" name="email"/><br/>
Password: <input type="password" name="password"/>br/>
<input type="submit" value="register"/><br/>
</form>

</body>
</html>

<?php

$name = $_POST ["name" ];
$email=$_POST["email"];
$password=$_POST["password"];

if($name&&$email&$password){
    mysql_connect("localhost", "root", "") or die("we could not connect!");
    mysql_select_db("testsite");
    mysql_query("INSERT INTO users(name, email, password)VALUES($name,$email,$password)");
    $registered=mysql_affected_rows();
    echo "$registered was inserted";
} else{
    echo "you have to complete the form";
}

mysql_close();

?>

php mysql

2022-09-29 22:56

1 Answers

mysql_affected_rows returns -1 when the last query fails.

https://stackoverflow.com/questions/6722809/mysql-affected-rows-returns-1

For a reason, $name or $email or $password are probably strings; they are treated as literal when used in "...".For example, if $name contains test, $email contains [email protected], and $password contains my-password, the query is 

INSERT INTO users (name, email, password) VALUES (test, [email protected], my-password)

is the case.What I'm actually looking forward to is 

INSERT INTO users(name, email, password) VALUES('test', '[email protected]', 'my-password')

That's right. So 

mysql_query("INSERT INTO users (name, email, password) VALUES('$name', '$email', '$password')";

Some people write "Please..." but this is the worst thing to do.

mysql_query(sprintf("INSERT INTO users(name, email, password) VALUES('%s', '%s', '%s')",
    mysql_real_escape_string($name),
    mysql_real_escape_string($email),
    mysql_real_escape_string($password)));

You should use mysql_real_escape_string to escape, or use PDO to prepared statements.

http://php.net/manual/ja/pdo.prepared-statements.php

I think you can learn more about why you shouldn't do it by looking at Tokumaru's website.

http://blog.tokumaru.org/

2022-09-29 22:56

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

973 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

539 Unable to install versioned in Google Colab

551 Scrap text information after the "View More" button when searching in the Yahoo! News search window

541 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

543 PHP ssh2_scp_send fails to send files as intended

© 2024 OneMinuteCode. All rights reserved.