index.php
<html>
<head>
<title>Josh's Online Playground</title>
</head>
<body>
<form method="POST" action="action.php">
<table>
<tr>
<td>"data for stuff"</td>
<td><input type="text" ?></td>
</tr>
<tr>
<td><input type="submit"></td>
</tr>
</table>
</form>
</body>
</html>
action.php
<?php
error_reporting(E_ALL);
ini_sit("display_errors", 1);
$mysqli = new mysqli('localhost', 'root', 'password', 'website');
$result = $mysqli->query("insert into stuff (data) values ('
.$_POST['data']
."');
echo $mysqli->error();
if($result = $mysqli->query("select data from stuff")){
echo 'There are '.$result->num_rows.' results.';
}
while ($row = $result->fetch_object()){
echo 'stuff' . $row->data;
}
?>
Despite the first two lines in action.php, I get no error or warning messages. Instead I get a blank page after clicking the submit button.
Do I have to do something differently to insert data?
You have a syntax error in action.php:
ini_set, not ini_sit, in line 2!
ini_sit
has to be
ini_set
;)
You have a fatal error, so the script simply cannot run, and therefore cannot report any errors. Look at this line:
$result = $mysqli->query("insert into stuff (data) values ('
.$_POST['data']
."');
Should read:
$result = $mysqli->query("insert into stuff (data) values ('".$_POST['data']."')");
And escape your $_POST['data'] value before using it in the SQL statement.
You have inverted single quotes and double quotes somewhere in your code (at the end of your request). Make sure the display_error PHP setting is on.
Ok, first off, you have a massive SQL injection vulnerability in there. Second, you have no error checking. Third, your quotes are incorrectly nested (which will cause a fatal error, which is why you're not seeing anything).
Modify it to something like this:
$mysqli = new mysqli('localhost', 'root', 'password', 'website');
if ($mysqli->connect_error) {
//There was an error connecting, handle it
}
$result = $mysqli->query("insert into stuff (data) values ".
" ('".$mysqli->real_escape_string($_POST['data'])."')");
if ($result === false) {
//Query error, handle it
}
Also, you're looping through the data without checking if the result is valid:
if($result = $mysqli->query("select data from stuff")){
echo 'There are '.$result->num_rows.' results.';
while ($row = $result->fetch_object()){
echo 'stuff' . $row->data;
}
}
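An added example, not part of any answer above and not the posters' code: the same insert and listing done with a mysqli prepared statement (used here in place of the real_escape_string call shown in the last answer) and exception-based error reporting. The credentials app_user/app_password and the helper names insertStuff and listStuff are assumptions; the database, table and column names are the ones from the question.

```php
<?php
// Added example, not code from the thread. Credentials are placeholders.
error_reporting(E_ALL);
ini_set('display_errors', '1'); // development only; log to a file in production
// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: insert one value using a bound parameter.
function insertStuff(mysqli $db, string $data): int
{
    // The value is sent apart from the SQL text, so a quote in $data cannot alter it.
    $stmt = $db->prepare('INSERT INTO stuff (data) VALUES (?)');
    $stmt->bind_param('s', $data);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Hypothetical helper: return every stored value as a list of strings.
function listStuff(mysqli $db): array
{
    $result = $db->query('SELECT data FROM stuff');
    $values = [];
    while ($row = $result->fetch_assoc()) {
        $values[] = $row['data'];
    }
    return $values;
}

try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'website');
    $db->set_charset('utf8mb4');
    $data = $_POST['data'] ?? null;
    if (!is_string($data) || $data === '') {
        http_response_code(400);
        exit('Missing "data" field.');
    }
    insertStuff($db, $data);
    $values = listStuff($db);
    echo 'There are ' . count($values) . ' results.';
    foreach ($values as $value) {
        // Stored input is untrusted on the way out too: encode it for HTML.
        echo 'stuff ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Database error.';
}
```

A parse error in the same file still produces a blank page, because the ini_set call never runs; for that case display_errors has to be enabled in php.ini or the error read from the server log.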