php - EasyAppointments 和 Bootstrap 网站之间的共享登录 session

Question

这是我在 stackoverflow 上发表的第一篇文章，尽管我定期使用它和其他来源(包括我在这里需要帮助的主题)进行了广泛的研究。

简而言之，我正在客户站点和 EasyAppointments 调度应用程序之间进行共享 session /登录/注册。在我的客户网站上编译注册表的 config.php 时，我收到了此错误。我到处搜索，请帮我理解这一点:

INSERT INTO `ea_users` (first_name, last_name, mobile_number, phone_number, address, city, state, zip_code, notes, id_roles) VALUES(testing, test, 000000000, 000000000, 123 example street, Birmington, Alabama, 00000, , )INSERT INTO `ea_user_settings` (username, password, salt, working_plan, notifications, google_sync, google_token, google_calendar, sync_past_days, sync_future_days) VALUES(TestUser, 0000000000, , , 0, , , , , )
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , 0, , , , , )' at line 2

这是我的 config.php 代码(请原谅我对 sql1/sql2 的非正统变量):

<?php
define('DB_HOST', 'localhost'); 
define('DB_NAME', '####'); 
define('DB_USER','####'); 
define('DB_PASSWORD','####'); 

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL:  " . mysql_error()); $db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());

$first_name = $_POST['first_name']; 
$last_name = $_POST['last_name']; 
$mobile_number = $_POST['mobile_number'];
$phone_number = $_POST['phone_number'];
$address = $_POST['address']; 
$city = $_POST['city']; 
$state = $_POST['state'];
$zip_code = $_POST['zip_code'];
$noteboy = $_POST['notes'];
$privs = $_POST['id_roles']; 
$email = $_POST['email']; 
$nick = $_POST['nick'];
$password = $_POST['password'];
$salt = $_POST['salt']; 
$working_plan = $_POST['working_plan']; 
$notifications = $_POST['notifications'];
$google_sync = $_POST['google_sync'];
$google_token = $_POST['google_token']; 
$google_calendar = $_POST['google_calendar']; 
$sync_past_days = $_POST['sync_past_days'];
$sync_future_days = $_POST['sync_future_days'];

$bang = "INSERT INTO `ea_users` (first_name, last_name, mobile_number,         phone_number, address, city, state, zip_code, notes, id_roles) 
VALUES($first_name, $last_name, $mobile_number, $phone_number, $address, $city, $state, $zip_code, $noteboy, $privs)";
echo $bang;

$banger = "INSERT INTO `ea_user_settings` (username, password, salt, working_plan, notifications, google_sync, google_token, google_calendar, sync_past_days, sync_future_days)
VALUES($nick, $password, $salt, $working_plan, $notifications, $google_sync, $google_token, $google_calendar, $sync_past_days, $sync_future_days)";
echo $banger;

$result = mysql_query($bang); mysql_query($banger);
if($result) {
    echo "Successfully updated database";
} else {
    die('Error: '.mysql_error($con)); 
} 

mysql_close($con);

Answer 1

我怀疑您将电话号码存储为整数，因此您应该引用所有这些零。 SQL 不喜欢 VALUES 子句中缺少值，因此您需要将其修复为默认为适合您的字段的格式，例如空字符串、零或 NULL。您还需要考虑escaping也可以避免错误和 SQL 注入(inject)漏洞 - 使用 PDO如果您处于项目早期，这可能是个好主意，并且您绝对应该切换到 mysqli至少。

您对查询失败的检查仅查看您的第一个查询 - 您应该同时检查两者。

无论如何，您可以通过以下方式应用转义和引用来避免使用当前方法看到的错误:

$bang = "INSERT INTO `ea_users` (first_name, last_name, mobile_number, phone_number, address, city, state, zip_code, notes, id_roles) 
VALUES('".
    mysql_real_escape_string($first_name)."','".
    mysql_real_escape_string($last_name)."','".
    mysql_real_escape_string($mobile_number)."','".
    mysql_real_escape_string($phone_number)."','".
    mysql_real_escape_string($address)."','".
    mysql_real_escape_string($city)."','".
    mysql_real_escape_string($state)."','".
    mysql_real_escape_string($zip_code)."','".
    mysql_real_escape_string($noteboy)."','".
    mysql_real_escape_string($privs)."')";