-3

I would be really grateful if someone can help me solve my problem. the problems is that when I click POST enter image description hereshowing me this error:

> *PHP Warning:  mysqli_connect(): (HY000/2002):� in C:\Users\21145\Desktop\www\list.php on line 3
PHP Fatal error:  Uncaught TypeError: mysqli_query(): Argument #1 ($mysql) must be of type mysqli, bool given in C:\Users\21145\Desktop\www\list.php:4
Stack trace:
#0 C:\Users\21145\Desktop\www\list.php(4): mysqli_query(false, 'set names gbk')
#1 {main}
  thrown in C:\Users\21145\Desktop\www\list.php on line 4*

this is my code

    list.php
    <?php
    $link = mysqli_connect('localhost','root','123456');
    mysqli_query($link,"set names gbk");
    if(!$link){
        die("Could not connect to MySQL: ".mysqli_error());
    }
    echo 'Connection OK ';
    echo "<br>";
    $name = $_POST["name"];
    $comment = $_POST["comment"];
    mysqli_select_db($link,'test');
    $query = "insert into comment (uname,ucomment) value  ('{$name}','{$comment}'); ";
        if(!mysqli_query($link,$query))
        {
            die("Error: ".mysqli_error($link));
        }
        $result = mysqli_query($link,"SELECT uname,ucomment FROM comment;");
        while($row = mysqli_fetch_array($result))
        {
            echo $row["uname"]   . "<br/>";
            echo $row["ucomment"]   . "<br/>";
        }
        mysqli_close($link); #关闭数据库
        echo "<meta http-equiv='refresh' content='0;url=home.php'>"; //return home.php 
    ?>
space
  • 1
  • 2
    Maybe check `$link` (in `if(!$link){...`) _before_ you use it. Which database is your query going to use? – brombeer May 24 '22 at 07:57
  • `mysqli_query($link,"set names gbk");` comment this line out and action the next error message you see. – AD7six May 24 '22 at 07:58
  • The warning `HY000/2002` should give a hint at what is happening. That usually means you were unable to connect to the MySQL server so start your debugging process from that e.g. check if you can connect to it using those credentials in the command line interface before trying to connect from within a PHP script – apokryfos May 24 '22 at 08:01
  • I try to add database name or comment line 3 ,but I still get the error – space May 24 '22 at 08:10
  • 2
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson May 24 '22 at 08:23
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson May 24 '22 at 08:24
  • Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically, instead of repetitively checking for errors after every single command (and the way you're checking is incorrect anyway, it's clear you didn't read the manual about how to use mysqli_error or what you can use it for). – ADyson May 24 '22 at 08:27
  • This is my homework, and my homework requires me to attack my database – space May 24 '22 at 08:30
  • Ok well you should certainly enable the proper error handling then you understand better why the query is failing, and stop the code from continuing when it shouldn't. – ADyson May 24 '22 at 08:32

0 Answers0