EasyAppointments和Bootstrap网站之间共享登录会话 - Shared login session between EasyAppointments and Bootstrap website

这是我在stackoverflow上的第一篇文章，尽管我已经定期使用它和其他资源(包括我需要帮助的主题)进行了广泛的研究。

简洁地说，我正在客户端站点和EasyAppointments调度应用程序之间共享会话/登录/注册。在我的客户端网站上编译config.php注册表单时，我收到了这个错误。我找遍了所有地方，请帮我理解一下:

INSERT INTO `ea_users` (first_name, last_name, mobile_number, phone_number, address, city, state, zip_code, notes, id_roles) VALUES(testing, test, 000000000, 000000000, 123 example street, Birmington, Alabama, 00000, , )INSERT INTO `ea_user_settings` (username, password, salt, working_plan, notifications, google_sync, google_token, google_calendar, sync_past_days, sync_future_days) VALUES(TestUser, 0000000000, , , 0, , , , , )
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , 0, , , , , )' at line 2

这是我的config.php代码(请原谅我的非正统变量sql1/sql2):

<?php
define('DB_HOST', 'localhost'); 
define('DB_NAME', '####'); 
define('DB_USER','####'); 
define('DB_PASSWORD','####'); 
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL:  " . mysql_error()); $db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
$first_name = $_POST['first_name']; 
$last_name = $_POST['last_name']; 
$mobile_number = $_POST['mobile_number'];
$phone_number = $_POST['phone_number'];
$address = $_POST['address']; 
$city = $_POST['city']; 
$state = $_POST['state'];
$zip_code = $_POST['zip_code'];
$noteboy = $_POST['notes'];
$privs = $_POST['id_roles']; 
$email = $_POST['email']; 
$nick = $_POST['nick'];
$password = $_POST['password'];
$salt = $_POST['salt']; 
$working_plan = $_POST['working_plan']; 
$notifications = $_POST['notifications'];
$google_sync = $_POST['google_sync'];
$google_token = $_POST['google_token']; 
$google_calendar = $_POST['google_calendar']; 
$sync_past_days = $_POST['sync_past_days'];
$sync_future_days = $_POST['sync_future_days'];
$bang = "INSERT INTO `ea_users` (first_name, last_name, mobile_number,         phone_number, address, city, state, zip_code, notes, id_roles) 
VALUES($first_name, $last_name, $mobile_number, $phone_number, $address, $city, $state, $zip_code, $noteboy, $privs)";
echo $bang;
$banger = "INSERT INTO `ea_user_settings` (username, password, salt, working_plan, notifications, google_sync, google_token, google_calendar, sync_past_days, sync_future_days)
VALUES($nick, $password, $salt, $working_plan, $notifications, $google_sync, $google_token, $google_calendar, $sync_past_days, $sync_future_days)";
echo $banger;
$result = mysql_query($bang); mysql_query($banger);
if($result) {
    echo "Successfully updated database";
} else {
    die('Error: '.mysql_error($con)); 
} 
mysql_close($con);

我怀疑您是否将电话号码存储为整数，因此您应该引用所有这些零。SQL不喜欢在VALUES子句中缺少值，因此您需要将其修复为默认格式，以适合您的字段，例如空字符串，零或NULL。您还需要考虑转义，以避免错误和SQL注入漏洞-如果您在项目的早期使用PDO可能是一个好主意，并且您至少应该切换到mysql。

您的查询失败检查只查看第一个查询-您应该检查两个查询。

无论如何，以下是如何应用转义和引号来避免使用当前方法看到的错误的方法:

$bang = "INSERT INTO `ea_users` (first_name, last_name, mobile_number, phone_number, address, city, state, zip_code, notes, id_roles) 
VALUES('".
    mysql_real_escape_string($first_name)."','".
    mysql_real_escape_string($last_name)."','".
    mysql_real_escape_string($mobile_number)."','".
    mysql_real_escape_string($phone_number)."','".
    mysql_real_escape_string($address)."','".
    mysql_real_escape_string($city)."','".
    mysql_real_escape_string($state)."','".
    mysql_real_escape_string($zip_code)."','".
    mysql_real_escape_string($noteboy)."','".
    mysql_real_escape_string($privs)."')";