我想用mysql数据库创建一个用户系统。我尝试用以下php代码将一行插入到表中:
$UserCreateQueryText = "INSERT INTO users (
Username, Password, FirstName, LastName, eMail, ID, ClearanceLevel)
VALUES (
" . $User . ", " . $Password . ", " . $FirstName . ", " . $LastName . ", " . $eMailToUse . ", NULL, 1)";
$UserCreateQuery = mysql_query($UserCreateQueryText) or die(" User creation query error: " . mysql_error());
我使用的变量定义如下:
$User = mysql_real_escape_string($_GET["Username"]);
$Password = mysql_real_escape_string($_GET["Password"]);
$FirstName = mysql_real_escape_string($_GET["FirstName"]);
$LastName = mysql_real_escape_string($_GET["LastName"]);
$eMail = mysql_real_escape_string($_GET["eMail"]);
我使用$_GET,这样我可以看到变量实际上是正确传递的。
所以,如果我插入一个eMail (example@domain.com) $UserCreateQueryText的结果将是:INSERT INTO users (
Username, Password, FirstName, LastName, eMail, ID, ClearanceLevel)
VALUES (
username, password, Name, LastName, , NULL, 1)
因此清除eMail字段并抛出错误:
User creation query error: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near
' NULL, 1)' at line 4
-Ric Del (foxtailgames.com.mx)
您需要引用字符串值:
INSERT INTO ... VALUES ('String', 'string', ...)
当前你不在:
INSERT INTO ... VALUES(Foo, Bar@baz.com, ...)