SQL错误:查询空
问题描述:
mysql_select_db("musicDB", $con);
$sql = mysql_query("INSERT INTO Users (username, fname, lname, email, dob, password, occupation, genre)
VALUES ('$_POST[username]', '$_POST[fname]', '$_POST[lname]', '$_POST[email]', '$_POST[dob]', sha1('$_POST[password]'), '$_POST[occupation]', '$_POST[genre]')");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
?>
我新的PHP和我得到这个SQL错误:SQL错误:查询空
The query is empty.
我在做什么错?
答
宣布串查询变量时,不使用$sql = mysql_query(...);
只是简单$sql = "...";
,它应该正常工作
答
$sql = mysql_query("INSERT INTO Users (username, fname, lname, email, dob, password, occupation, genre)
VALUES ('$_POST[username]', '$_POST[fname]', '$_POST[lname]', '$_POST[email]', '$_POST[dob]', sha1('$_POST[password]'), '$_POST[occupation]', '$_POST[genre]')");
if (!sql)
{
是正确的。你试图做
if(!mysql_query(mysql_query("....")))
{
答
mysql_select_db("musicDB", $con);
// that's dirty but at least something to protect that silly code
$_POST['password'] = sha1($_POST['password'].$_POST['username']);
foreach($_POST as $key => $value) $_POST[$key] = mysql_real_escape_string($value);
$sql = "INSERT INTO Users (username, fname, lname, email, dob, password, occupation, genre)
VALUES ('$_POST[username]', '$_POST[fname]', '$_POST[lname]', '$_POST[email]',
'$_POST[dob]', '$_POST[password]', '$_POST[occupation]', '$_POST[genre]')");
if (!mysql_query($sql,$con))
{
trigger_error(mysql_error()." ".$sql);
} else {
echo "1 record added";
}
?>
欢迎SQLI ...阅读[SQL注入](http://php.net/manual/en/security.database.sql-injection.php) – genesis