简体   繁体   English

PHP MYSQL插入命令无效

[英]PHP MYSQL insert command doesnt work

I am struggling with this piece of code. 我在这段代码中苦苦挣扎。 Why doesn't it work? 为什么不起作用? It does receive the variables, but the sql command doesn't work. 它确实接收变量,但是sql命令不起作用。

 if ($action=='create')
  {

  $Surname=$_REQUEST['Surname'];
  $Name=$_REQUEST['Name'];
  $Fathername=$_REQUEST['Fathername'];
  $Dateofbirth=$_REQUEST['Dateofbirth'];
  $Afm=$_REQUEST['Afm'];
  $Landline=$_REQUEST['landline'];
  $Mobile=$_REQUEST['Mobile'];
  $Address=$_REQUEST['Adrs'];
  $Addressnum=$_REQUEST['Adrsnm'];
  $Location=$_REQUEST['Location'];
  $ZIP=$_REQIEST['Zip'];
  $Bankaccount=$_REQUEST['Bankaccount'];

$createuser=mysql_query("INSERT INTO `Customers` (`Surname`,`CName`,`Fathername`,`Birthdate`,`AFM`,`Landline`,`Mobile`,`Address`,`Adressnum`,`Location`,`ZIP`,`Bankaccount`) VALUES ('$Surname','$Name','$Fathername','$Dateofbirth','$Afm','$Landline','$Mobile','$Address','$Addressnum','$Location','$ZIP','$Bankaccount')");
}
mysql_query("INSERT INTO `Customers` (`Surname`,`CName`,`Fathername`,`Birthdate`,`AFM`,`Landline`,`Mobile`,`Address`,`Adressnum`,`Location`,`ZIP`,`Bankaccount`) VALUES ('$Surname','$Name','$Fathername','$Dateofbirth','$Afm','$Landline','$Mobile','$Address','$Addressnum','$Location',
'$ZIP','$Bankaccount')")or die(mysql_error());

Will give you the answer. 会给你答案。

And make sure to escape your data: 并确保转义数据:

 $Surname=mysql_real_escape_string($_REQUEST['Surname']);
  $Name=mysql_real_escape_string($_REQUEST['Name']);
  $Fathername=mysql_real_escape_string($_REQUEST['Fathername']);
 [...]

Better, use a prepared statement: 更好的是,使用准备好的语句:

$q =  $sql->prepare("INSERT INTO `Customers` SET `Surname` = ? [...]");
$q->execute( array( $_REQUEST['Surname'], [...] ) );

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM