0
我是php web开发的新手,我暂时停留在这段代码上。目前数据仅被输入到第一个表格中。向正确的方向稍微推动一下会非常感激。为什么php mysql插入数据只能用于第一个查询?
$first = isset($_GET['first']) ? $_GET['first']: '';
$last = isset($_GET['last']) ? $_GET['last'] : '';
$email = isset($_GET['email']) ? $_GET['email']: '';
$pass = isset($_GET['pass']) ? $_GET['pass']: '';
$groupname = isset($_GET['groupname']) ? $_GET['groupname'] : '';
$grouppass = isset($_GET['grouppassword']) ? $_GET['grouppassword']: '';
define("DB_SERVER", "x");
define("DB_USER", "x");
define("DB_PASS", "x");
define("DB_NAME", "x");
define("TBL_USERS", "Members");
define("TBL_GROUP", "group");
function addNewUser($firstname, $lastname, $email, $password){
global $connection;
$password1 = md5($password);
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$q = "INSERT INTO ".TBL_USERS." VALUES ('$firstname', '$lastname', '$email', '$password1','')";
return mysql_query($q, $connection);
}
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $connection) or die(mysql_error());
addNewUser($first,$last,$email,$pass);
$sql = mysql_query("INSERT INTO ".TBL_GROUP." VALUES ('$groupname', '$grouppass')");
不错[sql注入漏洞](http:// bobby-tables)。即使您的“第一个”查询正常工作,我也很惊讶。更令人惊讶的是,您正在使用两个值进行转义,但忽略了其余的值...... –
如果您是PHP的新手,请不要学习折旧的扩展名......“此扩展名已弃用PHP 5.5.0,不推荐用于编写新的代码,因为它将在未来被删除,而应该使用mysqli或PDO_MySQL扩展,另请参阅MySQL API概述以获得进一步的帮助,以便选择MySQL API。 http://ch1.php.net/manual/en/intro.mysql.php – wildhaber
感谢您的建议!切换到MySQLi –