我创建了一个注册表来获取用户的详细信息。但当用户输入详细信息时,会出现以下错误:
插入玩家(first_name、last_name、用户名、电子邮件、密码)价值观(John,Doe,John.Doe,john.doe@yahoo.com,doe)SQLSTATE[42000]:语法错误或访问冲突:1064您有SQL语法错误;查看与您的在'@yahoo.com附近使用正确语法的MySQL服务器版本,aman)'在第1行
感谢您的注册!
这是我的PHP表单代码:
<?php
$servername="localhost";
$dbname="users";
$username="root";
$password="pass";
try {
$dbh=new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$first_name = $_POST["first_name"];
$last_name = $_POST["last_name"];
$username = $_POST["username"];
$email = $_POST["email"];
$pwd = $_POST["password"];
$sql="INSERT INTO players(first_name, last_name, username, email, password) VALUES ($first_name, $last_name, $username, $email, $pwd)";
$dbh->exec($sql);
}
catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
echo "<p>Thank you for registering!</p>";
?>
我确实尝试过&catch捕获错误,因为没有它显示
感谢您的注册!
并且数据没有存储在数据库中。
更新:以下是PDO准备声明的代码:
<?php
$servername="localhost";
$dbname="users";
$username="root";
$password="pass";
try {
$dbh=new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$first_name = $_POST["first_name"];
$last_name = $_POST["last_name"];
$username = $_POST["username"];
$email = $_POST["email"];
$pwd = $_POST["password"];
$statement = $dbh->prepare("INSERT INTO players(first_name, last_name, username, email, password) VALUES (:first_name, :last_name, :username, :email, :pwd)";
$statement->execute(array(':first_name' => $first_name, ':last_name' => $last_name, ':username' => $username, ':email' => $email, ':pwd' => $pwd));
}
catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
echo "<p>Thank you for registering!</p>";
?>
获取此错误:
分析错误:语法错误,意外的";"在里面第16行上的public_html''php''reg.php
无论何时在查询中插入字符串,都必须用引号括起来:
$sql="INSERT INTO players(first_name, last_name, username, email, password) VALUES ('$first_name', '$last_name', '$username', '$email', '$pwd')";
正如其他人所说,应该在值周围使用引号。理想情况下,您应该使用PDO准备好的语句,因为它们具有自动转义值的优点,本质上更安全,并且具有速度和其他优势。
$statement = $dbh->prepare("INSERT INTO players(first_name, last_name, username, email, password) VALUES (:first_name, :last_name, :username, :email, :pwd)");
$statement->execute(array(':first_name' => $first_name, ':last_name' => $last_name, ':username' => $username, ':email' => $email, ':pwd' => $pwd));
也使您的查询更容易阅读,签出PHP的PDO文档
您必须用单引号包装变量
$sql="INSERT INTO players(first_name, last_name, username, email, password) VALUES ('$first_name', '$last_name', '$username', '$email', '$pwd')";