【发布时间】:2016-06-14 10:24:15
【问题描述】:
错误:
您的 SQL 语法有错误;检查手册 对应于您的 MySQL 服务器版本,以便使用正确的语法 在第 144 行靠近 '@ami.com, '50cb0778758634b4a6f959ed4bf2debd')'
HTML 代码
<form action="" method="post">
<table>
<tbody>
<tr>
<td>
<div>
<input type="text" name="name" placeholder="Name">
</div>
<div>
<input type="text" name="city" placeholder="City">
</div>
<div>
<input type="text" name="zip" placeholder="Zip-Code">
</div>
<div>
<input style="padding:7px 10px; margin-top:5px;width:336px;" type="email" name="email" placeholder="Email" >
</div>
</td>
<td>
<div>
<input type="text" name="address" placeholder="Address">
</div>
<div>
<input type="text" name="country" placeholder="Country">
</div>
<div>
<input type="text" name="phone" placeholder="Phone">
</div>
<div>
<input style="padding:7px 10px; margin-top:5px;width:336px;" type="password" name="pass" placeholder="Password">
</div>
</td>
</tr>
</tbody>
</table>
<div class="search"><div><button class="grey" name="register">Create Account</button></div></div>
<p class="terms">By clicking 'Create Account' you agree to the <a href="#">Terms & Conditions</a>.</p>
<div class="clear"></div>
</form>
PHP 代码
public function customerRegistration($data)
{
$name = mysqli_real_escape_string($this->db->link, $data['name']);
$address = mysqli_real_escape_string($this->db->link, $data['address']);
$city = mysqli_real_escape_string($this->db->link, $data['city']);
$country = mysqli_real_escape_string($this->db->link, $data['country']);
$zip = mysqli_real_escape_string($this->db->link, $data['zip']);
$phone = mysqli_real_escape_string($this->db->link, $data['phone']);
$email = mysqli_real_escape_string($this->db->link, $data['email']);
$pass = mysqli_real_escape_string($this->db->link, md5($data['pass']));
if ($name == "" || $address == "" || $city == "" || $country == "" || $zip == "" || $phone == "" || $email == ""|| $pass == "") {
$msg = "fileds must not be empty";
return $msg;
}
// email query
$mailquery = "SELECT * FROM tbl_customer WHERE email='$email' LIMIT 1";
$checkmail = $this->db->select($mailquery);
// password query
$passquery = "SELECT * FROM tbl_customer WHERE pass='$pass' LIMIT 1";
$checkpass = $this->db->select($passquery);
// return $checkmail;
if ($checkmail != false) {
$msg = "Email already exit";
return($msg);
} elseif( $checkpass != false) {
$msg = "Password already exit";
return($msg);
} else {
$query = "INSERT INTO tbl_customer(name, address, city, country, zip, phone, email, pass) VALUES('$name', '$address', '$city', '$country', '$zip', '$phone', $email, '$pass')";
$inserted_row = $this->db->insert($query);
if ($inserted_row) {
$msg = "Customer data inserted successfully";
return $msg;
} else {
$msg = "Customer data not inserted";
return $msg;
}
}
}
【问题讨论】:
-
用引号将
$email括起来。请记住您的代码容易发生SQL 注入 -
'$phone', $email,的电子邮件中缺少引号。阅读php.net/manual/en/mysqli-stmt.bind-param.php -
缺少单引号 $email
-
原 MySQL 扩展现已弃用,连接数据库时会产生 E_DEPRECATED 错误。相反,使用 MYSQLi 或 PDO_MySQL 扩展。准备好的语句