无法让PHP脚本工作,它显示为空白页面

时间:2021-03-04 11:50:57

here is the code that creates a simple profile of a user with list of posts :

这是用于创建具有帖子列表的用户的简单配置文件的代码:

<html>
<head>
<title>Welcome ! </title>
</head>
<body>

<?php
$dbcon = mysql_connect('localhost','user','password');
if(!$dbcon)
{
die('<p>'.'Unable to connect to database server'.mysql_error().'</p>');
}
?>

<?php
//select the database
mysql_select_db("rough_site",$dbcon);
//add the user 
$user_name = mysql_real_escape_string($_POST['user_name'];
$user_password =mysql_real_escape_string($_POST['user_password'];
$user_mail=mysql_real_escape_string($_POST['user_mail'];
$adduser= "INSERT INTO user (user_name, user_password, user_mail) VALUES ($user_name, 
$user_password, $user_mail)";
$confirmUser = mysql_query($adduser);
if(!$confirmUser) 
{
die("Sorry , but you could not be added as a member of this site . ");
}
?>


<p align="center" ><h2><em>Latest posts by you </em></h2></p><br/>
<?php
// show the latest posts by this user 
$user_name = $_POST['user_name'];
$latestposts = "SELECT post_id , post_title  from posts ,users where  
posts.user_name=users.$user_name " ;
$showlatestposts= mysql_query($latestposts);

?>

<blockquote>
<?php
while($row=mysql_fetch_array($showlatestposts) )
{
echo '<p>'. '<a href = "showpost.php?post_id='. $row['post_id'].'">'.         
    $row['post_title'].'</a></p><br/>' ;
}
?>
</blockquote>


</body>
</html>

5 个解决方案

#1


0  

To insert value from array with named key to string, and to use '' marks, you must enclose it in {} - http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing (Complex (curly) syntax) So, for example,

要将带有命名键的数组中的值插入到字符串中,并使用''标记,必须将其括在{} - http://www.php.net/manual/en/language.types.string.php#language中。 types.string.parsing(复杂(卷曲)语法)因此,例如,

$adduser= "INSERT INTO users set 
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";

must be

一定是

$adduser= "INSERT INTO users set 
user_name=\"{$_POST['user_name']}\",
user_password=\"{$_POST['user_password']}\",
user_mail =\"{$_POST['user_mail']}\"";

#2


2  

Have you check your log file? Turn error_reporting(E_ALL) or maybe adding die(mysql_error()); in your queries... That might help to know what's wrong!

你检查过你的日志文件了吗?打开error_reporting(E_ALL)或者添加die(mysql_error());在你的查询...这可能有助于知道什么是错的!

And if you do an INSERT INTO

如果你做INSERT INTO

It should be

它应该是

INSERT INTO users VALUES (....) and not SET

INSERT INTO用户VALUES(....)而不是SET

SET is for an update

SET用于更新

#3


1  

Your INSERT query isnt in the correct syntax, and then you call the die() function, which would in turn result in a blank page.

您的INSERT查询不是正确的语法,然后您调用die()函数,这将导致一个空白页。

Fix the query and you should be good.

修复查询,你应该很好。

Update and the cause of your problem:

You have:

你有:

$user_name = mysql_real_escape_string($_POST['user_name'];
$user_password =mysql_real_escape_string($_POST['user_password'];
$user_mail=mysql_real_escape_string($_POST['user_mail'];

And should be:

应该是:

$user_name = mysql_real_escape_string($_POST['user_name']);
$user_password =mysql_real_escape_string($_POST['user_password']);
$user_mail=mysql_real_escape_string($_POST['user_mail']);

You're not closing the function with the parentheses

你没有用括号关闭函数

#4


0  

Put this at the top of your file:

把它放在你文件的顶部:

<?php
    error_reporting(E_ALL);
    ini_set('display_errors','On');
?>

I'm guessing that there's an error that you're not being told about, this will enable error reporting.

我猜你有一个错误,你没有被告知,这将启用错误报告。

#5


0  

in the browser if you go "view source" you might see the error text, it could be hidden from normal view due to invalid html

在浏览器中,如果你进入“查看源代码”,你可能会看到错误文本,由于无效的html,它可能会从普通视图中隐藏

its probably the single quotes in here causing a syntax error.

它可能是这里引用语法错误的单引号。

$adduser= "INSERT INTO users set 
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";

try this instead (see the single quotes in the [ ] are removed, because the whole string is quoted it is not required

试试这个(看到[]中的单引号被删除,因为引用的整个字符串不是必需的

$adduser= "INSERT INTO users set 
user_name='$_POST[user_name]',
user_password='$_POST[user_password]',
user_mail = '$_POST[user_mail]'";

as others have recommended you should sanitize your sql parms something like this

正如其他人所建议的那样,你应该清理你的sql parms

$user_name = mysql_escape_string($_POST['user_name']);
$user_password = mysql_escape_string($_POST['user_password']);
$user_mail = mysql_escape_string($_POST['user_mail']);

$adduser= "INSERT INTO users set 
user_name='$user_name',
user_password='$user_password',
user_mail = '$user_mail'";

#1


0  

To insert value from array with named key to string, and to use '' marks, you must enclose it in {} - http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing (Complex (curly) syntax) So, for example,

要将带有命名键的数组中的值插入到字符串中,并使用''标记,必须将其括在{} - http://www.php.net/manual/en/language.types.string.php#language中。 types.string.parsing(复杂(卷曲)语法)因此,例如,

$adduser= "INSERT INTO users set 
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";

must be

一定是

$adduser= "INSERT INTO users set 
user_name=\"{$_POST['user_name']}\",
user_password=\"{$_POST['user_password']}\",
user_mail =\"{$_POST['user_mail']}\"";

#2


2  

Have you check your log file? Turn error_reporting(E_ALL) or maybe adding die(mysql_error()); in your queries... That might help to know what's wrong!

你检查过你的日志文件了吗?打开error_reporting(E_ALL)或者添加die(mysql_error());在你的查询...这可能有助于知道什么是错的!

And if you do an INSERT INTO

如果你做INSERT INTO

It should be

它应该是

INSERT INTO users VALUES (....) and not SET

INSERT INTO用户VALUES(....)而不是SET

SET is for an update

SET用于更新

#3


1  

Your INSERT query isnt in the correct syntax, and then you call the die() function, which would in turn result in a blank page.

您的INSERT查询不是正确的语法,然后您调用die()函数,这将导致一个空白页。

Fix the query and you should be good.

修复查询,你应该很好。

Update and the cause of your problem:

You have:

你有:

$user_name = mysql_real_escape_string($_POST['user_name'];
$user_password =mysql_real_escape_string($_POST['user_password'];
$user_mail=mysql_real_escape_string($_POST['user_mail'];

And should be:

应该是:

$user_name = mysql_real_escape_string($_POST['user_name']);
$user_password =mysql_real_escape_string($_POST['user_password']);
$user_mail=mysql_real_escape_string($_POST['user_mail']);

You're not closing the function with the parentheses

你没有用括号关闭函数

#4


0  

Put this at the top of your file:

把它放在你文件的顶部:

<?php
    error_reporting(E_ALL);
    ini_set('display_errors','On');
?>

I'm guessing that there's an error that you're not being told about, this will enable error reporting.

我猜你有一个错误,你没有被告知,这将启用错误报告。

#5


0  

in the browser if you go "view source" you might see the error text, it could be hidden from normal view due to invalid html

在浏览器中,如果你进入“查看源代码”,你可能会看到错误文本,由于无效的html,它可能会从普通视图中隐藏

its probably the single quotes in here causing a syntax error.

它可能是这里引用语法错误的单引号。

$adduser= "INSERT INTO users set 
user_name=$_POST['user_name'],
user_password=$_POST['user_password'],
user_mail =$_POST['user_mail']";

try this instead (see the single quotes in the [ ] are removed, because the whole string is quoted it is not required

试试这个(看到[]中的单引号被删除,因为引用的整个字符串不是必需的

$adduser= "INSERT INTO users set 
user_name='$_POST[user_name]',
user_password='$_POST[user_password]',
user_mail = '$_POST[user_mail]'";

as others have recommended you should sanitize your sql parms something like this

正如其他人所建议的那样,你应该清理你的sql parms

$user_name = mysql_escape_string($_POST['user_name']);
$user_password = mysql_escape_string($_POST['user_password']);
$user_mail = mysql_escape_string($_POST['user_mail']);

$adduser= "INSERT INTO users set 
user_name='$user_name',
user_password='$user_password',
user_mail = '$user_mail'";