所以这可能很愚蠢,但我无法将任何内容插入到某个帐户的 MySQL 中,而且我已经盯着这个看了两个小时。我是 PHP 的新手,所以我很可能会做一些愚蠢的事情。我附上了我正在尝试插入的数据库的屏幕截图。
这就是我要说的:
(imgur 似乎对我不利)
这是我的代码,PhpMyAdmin 告诉我 GRANT ALL PRIVILEGES ON . TO ...
$fbFirstName = $me['first_name'];
$fbLastName = $me['last_name'];
$fbEmail = $me['email'];
mysql_real_escape_string($fbFirstName,$fbLastName,$fbEmail);
$getuserresult = mysql_query("SELECT * FROM newusers WHERE fbUID=$uid");
$userrowsreturned=mysql_num_rows($getuserresult);
if ($userrowsreturned=0)
{
echo '<br />user already exists, will update something here eventually<br />';
}
else {
$sql = mysql_query("INSERT INTO newusers (fbUID,callsAttempted,callsMade,fbEmail,fbFirstName,fbLastName) VALUES ($uid,'1','0',$fbEmail,$fbFirstName,$fbLastName)");
if(!$sql) {
die("Nope");
} else {
echo "1 record added";
}
echo '<br />created user<br />';
}
最佳答案
这里有两件事出了问题。转义是这样的:
$fbFirstName = mysql_real_escape_string($fbFirstName);
// for all variables
// or, just in one go:
$fbFirstName = mysql_real_escape_string($me['first_name']);
// and for integers, make sure they are actually integers (and prevent mayhem)
$some_id = (int)$me['some_id'];
$uid = (int)$uid;
并且在插入时必须引用非整数值:
$sql = mysql_query("INSERT INTO `newusers`
(`fbUID`,`callsAttempted`,`callsMade`,`fbEmail`,`fbFirstName`,`fbLastName`)
VALUES
('$uid',1,0,'$fbEmail','$fbFirstName',$fbLastName')");
(但您也可以引用整数 - 您永远不知道某个外部 ID 是否是或可能变成字母数字。)
关于php - 为什么我不能插入?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3552819/