php - 无法插入到我的 MYSQL 表中

Question

我正在尝试制作一个已连接到数据库的注册表单，它还可以检查用户名是否唯一，但不幸的是，我无法在我的表中插入新数据。 如果有人可以帮助我，我将不胜感激。

<?php
error_reporting(E_ALL ^ E_DEPRECATED);
include 'connect.inc.php'; 
if(isset($_POST['submit'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']); 
    $password2 = mysql_real_escape_string($_POST['password2']);       
    $firstname = mysql_real_escape_string($_POST['firstname']);
    $lastname = mysql_real_escape_string($_POST['lastname']);

    //md5 password
    $password_hash = md5($password);

    //check to see if the fields are empty
    if(empty($username) || empty($password)|| empty($firstname)|| empty($lastname)) {
        echo "Not all fields filled!<br /><br />";
        exit();
    }

    //check if password is equal

    if($password != $password2) {
        echo "Your Passwords Do Not Match.<br />";
        exit();
    } else { 
        $query = "SELECT `username` From `users` WHERE username='$username'"; 
        $result = mysql_query($query);

        if(mysql_num_rows($result) ==1) { 
            echo "Sorry, that user has already exists.";
            exit();
        } else {
            $query1= mysql_query("INSERT INTO `users` ('',username,password,firstname,lastname) VALUES ('','$username',     '$password_hash', '$firstname', '$lastname'");
            if($result1 = mysql_query($query1)) {
                echo "Registered Successfully";
            } else {
                echo "Sorry, You could not Register";           
            }
        }
    } 
} 

?>
<form action="" method="POST">
    Username:<br />
    <input type="text" name="username" /><br /><br />        

    Password:<br />
   <input type="password" name="password" /><br /><br />

    Confirm Password:<br />
    <input type="password" name="password2" /><br /><br />

    First Name:<br />
    <input type="text" name="firstname" /><br /><br />

    Last Name:<br />
    <input type="text" name="lastname" /><br /><br />

    <input type="submit" value="Register" name="submit" />
</form>

Answer 1

您的 INSERT 语句缺少右括号。

$query1= mysql_query("INSERT INTO ... '$lastname'");

$query1= mysql_query("INSERT INTO ... '$lastname')");
                                                 ^

顺便说一句，我发现在执行单行 INSERT 时使用替代语法更容易，因此列名和值匹配:

$query1= mysql_query("INSERT INTO `users` SET
    username='$username',
    password='$password',
    firstname='$firstname',
    lastname='$lastname'");

这更容易确保列与正确的变量相匹配。也无需担心右括号。

参见 http://dev.mysql.com/doc/refman/5.7/en/insert.html有关此语法的详细信息。

---

您还应该放弃已弃用的 mysql 扩展，而改用 PDO。阅读这个不错的教程:https://phpdelusions.net/pdo

Jay Blanchard 是正确的，您的代码不安全。 安全性与正确性一样，不是附加功能。您提到您是初学者，但您不应该开始养成坏习惯。阅读https://blog.codinghorror.com/youre-probably-storing-passwords-incorrectly/