【发布时间】:2022-01-26 00:38:27
【问题描述】:
这是原始编码。我已经尝试了很多以前在 stackoverflow 中发布的方法,但它们都不起作用。 我的父亲、母亲、丈夫和妻子的列是整数类型。
$db = mysqli_connect('x', 'xx', 'xxx', 'xxxx');
if (isset($_POST['add_member'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$sex = mysqli_real_escape_string($db, $_POST['sex']);
$father = mysqli_real_escape_string($db, $_POST['father']) == "" ? null : (int)mysqli_real_escape_string($db, $_POST['father']);
$mother = mysqli_real_escape_string($db, $_POST['mother']) == "" ? null : (int)mysqli_real_escape_string($db, $_POST['mother']);
$husband = mysqli_real_escape_string($db, $_POST['husband']) == "" ? null : (int)mysqli_real_escape_string($db, $_POST['husband']);
$wife = mysqli_real_escape_string($db, $_POST['wife']) == "" ? NULL : (int)mysqli_real_escape_string($db, $_POST['wife']);
$family = mysqli_real_escape_string($db, $_POST['family']) == "" ? null : (int)mysqli_real_escape_string($db, $_POST['family']);
$query = "INSERT INTO users (username, gender, father_id, mother_id, husband_id, wife_id, family_id) VALUES ('$username', '$sex', '$father', '$mother', '$husband', '$wife', '$family')";
mysqli_query($db, $query);
header('location: index.php');
}
}
这里有一些我用过但还是不行的方法
$husband = mysqli_real_escape_string($db, $_POST['husband']);
$husband = !empty($husband_contact) ? "'$husband'" : NULL;
另一种方法:
if (empty($_POST['husband'])){ $husband= NULL;
}else{ $husband = mysqli_real_escape_string($db, $_POST['husband']);}
另一种方法(我不确定,因为它没有$db,甚至可能吗?):
if ($_POST['husband'] == '') {
$husband = NULL;
}else {
$husband = "'" . mysqli_real_escape_string($_POST['husband']) . "'";
}
还有另一种方法(与此相同,没有 $db)
$husband = !empty($_POST['husband']) ? "'".$mysqli->real_escape_string($_POST['husband'])."'" : NULL;
【问题讨论】:
-
尝试
echo $query;,应该立即清楚为什么它没有按照您的意愿行事。您正在创建一个要插入的空字符串,而不是空字符串。您应该考虑使用准备好的语句,而不是从包含变量的字符串构建查询。 php.net/manual/en/mysqli.quickstart.prepared-statements.php -
如果你使用准备好的statemets,你不会有这个问题,你会避免sql注入。现在,您正尝试在 int 列中插入字符串
null。您没有插入空值 -
使用准备好的语句并绑定值。不要使用
mysqli_real_escape_string