PHP MySQL database problem

Code 1:

<?php
class dbConnect {
  var $dbHost = 'localhost',
      $dbUser = 'root',
      $dbPass = '',
      $dbName = 'input_oop',
      $dbTable = 'users';

  function __construct() {
    $dbc = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass) or die ("Cannot connect to MySQL : " . mysql_error());
    mysql_select_db($this->dbName) or die ("Database not Found : " . mysql_error());
  }
}

class User extends dbConnect {
  var $name;

  function userInput($q) {
    $sql = "INSERT INTO $this->dbTable set name = '".$q."'";
    mysql_query($sql) or die (mysql_error());
  }
}
?>


This is the code to call the class.
<?php
include ('class.php');
$q = $_GET["q"];
$user = new User;
$user->userInput($q);
?>


Code 2:

<?php
$q = $_GET['q'];
$dbc = mysql_connect("localhost", "root", "") or die (mysql_error());
mysql_select_db('input_oop') or die (mysql_error());
$sql = "INSERT INTO users set name = '".$q."'";
mysql_query($sql) or die (mysql_error());
?>

My Code 1 saves in my database:
[image]
Saving Multiple!

My Code 2 saves in my database:
[image]

What is wrong with my code 1?

Well, code 1 is open to SQL injection because you are not escaping $q. As to why you get two records, that problem is not to be found in code 1 but probably in the code that calls userInput.

It is very much open to SQL injection all over. Try having a db.php file and just require_once it at the start of each PHP file that needs the db.

Regarding SQL injection vulnerabilities, I'd suggest using prepared statements with PDO. It's easy to use and extremely secure.

More info: http://php.net/manual/en/pdo.prepared-statements.php
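
The prepared-statement approach suggested in the answers, as an added example that is not part of the original thread. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for the MySQL `input_oop` database so the script runs offline, the standard `INSERT ... VALUES` form replaces MySQL's `INSERT ... SET`, the `dumpNames` helper is hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for MySQL. For MySQL use
// a DSN like 'mysql:host=localhost;dbname=input_oop;charset=utf8mb4' and also
// set PDO::ATTR_EMULATE_PREPARES => false.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

class User {
    private $insert;
    public function __construct(PDO $pdo) {
        // The SQL text is fixed; only the value is a placeholder.
        $this->insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    }
    public function userInput($q) {
        // The value travels separately from the SQL text, so a quote in it
        // cannot end the string literal or add SQL syntax.
        $this->insert->execute([':name' => $q]);
    }
}

// Hypothetical helper: print the stored names in insertion order.
function dumpNames(PDO $pdo, $label) {
    $names = $pdo->query('SELECT name FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
    echo $label . ': ' . json_encode($names) . "\n";
}

// Constructed sample values standing in for $_GET['q'].
$samples = ["O'Brien", "a' || 'b"];

// Concatenation as in Code 1 and Code 2: the input is parsed as part of the SQL.
foreach ($samples as $q) {
    try {
        $pdo->exec("INSERT INTO users (name) VALUES ('" . $q . "')");
    } catch (PDOException $e) {
        echo 'concatenated query failed for ' . json_encode($q) . "\n";
    }
}
dumpNames($pdo, 'concatenated');

// Prepared statement: each input is stored as data, one row per call.
$pdo->exec('DELETE FROM users');
$user = new User($pdo);
foreach ($samples as $q) {
    $user->userInput($q);
}
dumpNames($pdo, 'prepared');
```

Comparing the two printed lists shows whether the stored names match the inputs: with concatenation the quote changes how the statement is parsed, while the bound parameter is never parsed as SQL.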