1. 首页
  2. 问答
  3. 尝试在MySQL中存储用户电子邮件和其他详细信息时产生错误?

尝试在MySQL中存储用户电子邮件和其他详细信息时产生错误?

2015-11-08 40 views
1

我创建了一个注册表单来获取用户的详细信息。但是,当用户进入细节它给这个错误:尝试在MySQL中存储用户电子邮件和其他详细信息时产生错误?

INSERT INTO players(first_name, last_name, username, email, password) VALUES (John, Doe, john.doe, [email protected], doe) SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com, aman)' at line 1

Thank you for registering!

这是我对形式的PHP代码:

<?php 
    $servername="localhost"; 
    $dbname="users"; 
    $username="root"; 
    $password="pass"; 
    try { 

      $dbh=new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); 
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     $first_name = $_POST["first_name"]; 
     $last_name = $_POST["last_name"]; 
     $username = $_POST["username"]; 

     $email = $_POST["email"]; 
     $pwd = $_POST["password"]; 
    $sql="INSERT INTO players(first_name, last_name, username, email, password) VALUES ($first_name, $last_name, $username, $email, $pwd)"; 
     $dbh->exec($sql); 
} 
catch(PDOException $e) { 
      echo $sql . "<br>" . $e->getMessage(); 
} 

    echo "<p>Thank you for registering!</p>"; 

?>

我曾尝试&抓捕获错误因为没有它被显示

Thank you for registering!

并且数据未存储在数据库中。

UPDATE: 这里是PDO的预处理语句代码:

<?php 
    $servername="localhost"; 
    $dbname="users"; 
    $username="root"; 
    $password="pass"; 
    try { 

      $dbh=new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); 
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     $first_name = $_POST["first_name"]; 
     $last_name = $_POST["last_name"]; 
     $username = $_POST["username"]; 

     $email = $_POST["email"]; 
     $pwd = $_POST["password"]; 
    $statement = $dbh->prepare("INSERT INTO players(first_name, last_name, username, email, password) VALUES (:first_name, :last_name, :username, :email, :pwd)"; 
    $statement->execute(array(':first_name' => $first_name, ':last_name' => $last_name, ':username' => $username, ':email' => $email, ':pwd' => $pwd)); 
} 
catch(PDOException $e) { 
      echo $sql . "<br>" . $e->getMessage(); 
} 

    echo "<p>Thank you for registering!</p>"; 

?>

收到此错误:

Parse error: syntax error, unexpected ';' in public_html\php\reg.php on line 16

来源

2015-11-08 Crayator

回答

2

正如其他人所说,你应该使用周围的值引号。理想情况下,您应该使用PDO准备好的语句,它们具有自动转义值的优点,并且本质上具有更高的安全性以及速度和其他优势。

$statement = $dbh->prepare("INSERT INTO players(first_name, last_name, username, email, password) VALUES (:first_name, :last_name, :username, :email, :pwd)"); 
$statement->execute(array(':first_name' => $first_name, ':last_name' => $last_name, ':username' => $username, ':email' => $email, ':pwd' => $pwd));

也使得您的查询更容易阅读,结账PHP的PDO docs

来源

2015-11-08 08:51:52

+0

因此,如果我想将我的代码转换为PDO的Prepared语句,那么该怎么做?你可以编辑我的代码,并给我一个简要的想法,如何完成。我曾尝试过但未成功。 – Crayator

+0

我给出的代码应该用于脚本,用这两个语句替换$ sql = ..和$ dbh-> exec()行。 –

+0

获取此错误:**解析错误:语法错误,意外';'在第16行public_html \ php \ reg.php ** ** – Crayator

2

你有一个单引号来包装你的变量

$sql="INSERT INTO players(first_name, last_name, username, email, password) VALUES ('$first_name', '$last_name', '$username', '$email', '$pwd')";

来源

2015-11-08 08:42:05

+0

所以MySQL有与电子邮件@符号问题? – Crayator

+2

不,当没有引用查询时,最终会被INSERT INTO播放器(...)VALUES(John,Doe,[email protected] ....)所看到,这是无效的SQL,因为MySQL中的字符串需要为了像INSERT INTO ... VALUES('John','Doe','john @ ....')那样被包裹在引号中,如果它没有在@处抛出一个错误,它会抛出John因为它会将它视为列名而不是字符串值。 –

3

每当你是inser婷串到你的查询您必须用引号把它包:

$sql="INSERT INTO players(first_name, last_name, username, email, password) VALUES ('$first_name', '$last_name', '$username', '$email', '$pwd')";

来源

2015-11-08 08:46:04

相关问题

 相关问题