2
提交值这是形式的代码:为什么MySQL的代码是不是在数据库
<div id="regform">
<div id="regform-top">
<h2>User Registration</h2>
<p>Please complete this form</p>
</div>
<form id="register-form" name="register-form" action="submit.php" method="post"
class="validation">
<fieldset>
<table>
<tr>
<td>
<div class="fieldgroup">
<label for="user-name">User name*: </label>
<input type="text" id="name" name="name" value="" size="12" class="inpt" /><br
class="clear" />
</div>
<div class="fieldgroup">
<label for="password">Password*: </label>
<input type="password" id="password" name="password" value="" size="12" class="inpt"
/><br class="clear" />
</div>
</td>
<td id="form-note">
<br />
<p><strong>Form Instructions</strong></p>
<p>*Required Field</p>
</td>
</tr>
</table>
<table id="bottom-reg">
<tr>
<td><br />
<div class="fieldgroup">
<label for="firstname">First name*</label>
<input type="text" id="firstname" name="firstname" value="" size="12" class="inpt" />
<br class="clear" />
</div>
<div class="fieldgroup">
<label for="email">Email Address* </label>
<input type="text" id="email" name="email" value="" size="12" class="inpt" /><br
class="clear" />
</div>
<div class="fieldgroup">
<label for="address1">Address 1* </label>
<input type="text" id="address1" name="address1" value="" size="12" class="inpt" />
<br class="clear" />
</div>
<label for="address2">Address 2</label>
<input type="text" id="address2" name="address2" value="" size="12" class="inpt" />
<br class="clear" />
<label for="address2">Address 3</label>
<input type="text" id="address3" name="address3" value="" size="12" class="inpt" />
<br class="clear" />
<div class="fieldgroup">
<label for="country">Country*</label>
<input type="text" id="country" name="country" value="" size="12" class="inpt" /><br
class="clear" />
</div>
</td>
<td><br />
<div class="fieldgroup">
<label for="lastname">Last name*</label>
<input type="text" id="lastname" name="lastname" value="" size="12" class="inpt" />
<br class="clear" />
</div>
<div class="fieldgroup">
<label for="group">Group* </label>
<input type="text" id="name" name="group" value="" size="12" class="inpt" />
<br class="clear" />
</div>
<div class="fieldgroup">
<label for="city">City* </label>
<input type="text" id="city" name="city" value="" size="12" class="inpt" /><br
class="clear" />
</div>
<div class="fieldgroup">
<label for="city">State* </label>
<input type="text" id="state" name="state" value="" size="12" class="inpt" /><br
class="clear" />
</div>
<div class="fieldgroup">
<label for="zip">Zip*</label>
<input type="text" id="zip" name="zip" value="" size="12" class="inpt" /><br
class="clear" />
</div>
</td>
</tr>
</table>
<input type="submit" value="Register" class="submit-btn" />
</fieldset>
</form>
这是submit.php代码:
<?php
$con = mysql_connect("localhost","viatechp_invacar","storefront72");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("viatechp_invacare", $con);
$sql="INSERT INTO registration(username,password,fname,lname,group,
address1,address2,address3, email,city,state,zip,country)
VALUES
('$_POST[name]','$_POST[password]', '$_POST[firstname]','$_POST[lastname]','
$_POST[group]','$_POST[address1]','$_POST[address2]','$_POST[address3]',
'$_POST[email]','$_POST[city]','$_POST[state]','$_POST[zip]','$_POST[country]'
)" ;
$query = mysql_query($sql) or die(mysql_error());
$results = mysql_fetch_assoc($query);
if ($results) {
echo 'The query returned ' . $results[ 'registration' ];
} else {
echo 'The query did not return any results';
} ?>
echo $sql;
?>
它显示一个错误:
您的SQL语法有错误;检查与您的MySQL服务器版本相对应的手册,以在'group,address1,address2,address3,email,city,state,zip,country'附近使用正确的语法。VALUES('sdfdsf'at line 1
尝试打印变量$ sql并查看或发布查询,我认为你在查询中有语法错误。 –
首先总是使用'mysqli_error()',其次这并不是完全消毒,至少使用'mysqli_real_escape_string()' –
您正在使用[过时的数据库API](http://stackoverflow.com/q/12859942/ 19068),并应使用[现代替代](http://php.net/manual/en/mysqlinfo.api.choosing.php)。你也暴露了自己[SQL注入攻击](http://bobby-tables.com/),一个现代的API会使[防御]更容易(http://stackoverflow.com/questions/60174/best-防止 - 注入 - 在PHP中)自己从。 – Quentin