将记录添加到表PHP / MySQL
[英]Adding record to table PHP/MySQL
问题描述
So this should be a very simple add to table PHP/MySQL - however for some reason I can't get to work. 
因此,这应该是对表PHP / MySQL的非常简单的添加-但是由于某些原因,我无法正常工作。 I have tried playing with the quotes placement, connections, etc. However I think I need some help. 我尝试过使用引号位置,连接方式等。但是,我认为我需要一些帮助。 Thanks 谢谢
<?php
//Variables from Form
$Fs = "$_POST[Fs]";
$Ls = "$_POST[Ls]";
$T = "$_POST[T]";
$A = "$_POST[A]";
$Sn = "$_POST[Sn]";
?>
<h2>Add</h2>
<form id="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input name="Fs" type="text" value="First Name" size="20" maxlength="60" onfocus="if (this.value=='First Name') this.value='';"onblur="if (this.value=='') this.value='First Name';"/>
<input name="Ls" type="text" value="Last Name" size="20" maxlength="60"onfocus="if (this.value=='Last Name') this.value='';"onblur="if (this.value=='') this.value='Last Name';" />
<input name="T" type="text" value="Telephone" size="20" maxlength="60" onfocus="if (this.value=='Telephone') this.value='';"onblur="if (this.value=='') this.value='Telephone';"/>
<input name="A" type="text" value="Address" size="20" maxlength="60"onfocus="if (this.value=='Address') this.value='';" onblur="if (this.value=='') this.value='Address';"/>
<input name="Sn" type="text" value="Student Number" size="40" maxlength="40" onfocus="if (this.value=='Student Number') this.value='';" onblur="if (this.value=='') this.value='Student Number';"/>
<?php
if(isset($_POST['Submit']))
{
//Conections
$con = mysql_connect("localhost", "root", "root") or die("Error connecting to database: ".mysql_error());
mysql_select_db("assign2") or die(mysql_error());
//Insert Statements
if($Fs != null && $Ls != null && $T != null && $T != null && $A != null && $Sn != null) {
echo "<br><br><br>" . $Fs . " " . $Ls . " " . $T . " " . $A . " " . $Sn ;
mysqli_query($con, "INSERT INTO 'assign2table' (First_Name , Last_Name , Telephone , Address ,Student_Number) VALUES ('$Fs' , '$Ls' . '$T' . '$A' . '$Sn')");
}
else {
echo "Missing Info";
}
}
?>
2 个解决方案
解决方案1
0 已采纳 2013-09-22 17:52:03
YOU have used (DOT) (.) instead of comma(,) in insert query. 您已在插入查询中使用(DOT)(。)而不是逗号(,)。
mysqli_query($con, "INSERT INTO 'assign2table' (First_Name , Last_Name , Telephone , Address ,Student_Number) VALUES ('$Fs' , '$Ls' , '$T' , '$A' ,'$Sn')"); mysqli_query($ con,“ INSERT INTO'assign2table'(First_Name,Last_Name,Telephone,Address,Student_Number)VALUES('$ Fs','$ Ls','$ T','$ A','$ Sn')” );
解决方案2
0 2013-09-22 17:53:11
First of all, every time you call a database function you should check its return value to see if it failed. 首先,每次调用数据库函数时,都应检查其返回值以查看其是否失败。 When you don't do it something may fail and you won't have any idea what happened. 如果您不这样做,则可能会失败,并且您将不知道发生了什么。
That's the case here: you have separated some of the values in the insert statement with dots instead of commas. 情况就是这样:您已经用点而不是逗号分隔了插入语句中的某些值。 That's an SQL syntax error. 这是一个SQL语法错误。 The query should look like: 查询应如下所示:
$result = mysqli_query($con, "INSERT INTO 'assign2table' (First_Name , Last_Name , Telephone , Address ,Student_Number) VALUES ('$Fs' , '$Ls', '$T', '$A', '$Sn')");
if ($result === FALSE) {
echo "Insert failed: ".mysqli_error($con);
}
Secondly, this code has a glaring SQL injection vulnerability. 其次,此代码具有明显的SQL注入漏洞。 You should learn to use prepared statements . 您应该学习使用准备好的语句 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.