[英]php mysql_query insert into not working
<form method="post" action="updatescreen(2).php">
Name of company:<br />
<input type="text" name="artid" id="artid" size="50" /><br /><br />
<input type="submit" name="Insert" id="Insert" value="Insert" /><br /><br />
<?php
if(isset($_POST['Insert'])){
$id = $_POST['artid'];
mysql_query("INSERT INTO test (id) VALUES ('$id', )");
}
?></form>
The connection to the database is included so not mentioned here. 包含与数据库的连接,因此此处未提及。 The connection is working fine, that's not the problem.
连接工作正常,这不是问题。
The problem is: the php code doesn't work. 问题是:php代码不起作用。 The php code doesn't insert the data into my database.
PHP代码不会将数据插入我的数据库。 What's wrong?
怎么了?
You had a ,
after '$id'
: 你有一个
,
后'$id'
:
mysql_query("INSERT INTO test (id) VALUES ('$id')");
Your code is also open to SQL injection . 您的代码也可以进行SQL注入 。 You should be using something like PDO instead of the mysql_* functions, which are deprecated.
您应该使用类似PDO的东西,而不要使用不推荐使用的mysql_ *函数。 With PDO, you can guard against SQL injections by using prepared statements .
使用PDO,您可以通过使用预处理语句防止SQL注入。
Change 更改
mysql_query("INSERT INTO test (id) VALUES ('$id', )");
to 至
mysql_query("INSERT INTO test (id) VALUES ('$id')");
You have one comma too many. 您有一个逗号太多。
mysql_query("INSERT INTO test (id) VALUES ('$id')");
In future, try printing the error, which will help you debug the problem yourself: 将来,请尝试打印错误,这将帮助您自己调试问题:
mysql_query("INSERT INTO test (id) VALUES ('$id')") or die(mysql_error());
And please use PDO
or mysqli
instead of the mysql_
functions, which are insecure and deprecated. 并且请使用
PDO
或mysqli
而不是不安全且已弃用的mysql_
函数。
Try 尝试
<?php if(isset($_POST['Insert'])){
$id = $_POST['artid'];
mysql_query("INSERT INTO test (id) VALUES ('".$id."')")or die(mysql_error());
}?>
<form method="post" action="updatescreen(2).php">
Name of company:<br />
<input type="text" name="artid" id="artid" size="50" /><br /><br />
<input type="submit" name="Insert" id="Insert" value="Insert" /><br /><br />
And => think about the safety! 并且=>考虑安全性!
Errors: 错误:
mysql_query("INSERT INTO test (id) VALUES ('$id', )"); ^---not secure, potencial sql injection ^----not need ","
Use this code for more security (most of all better pdo or mysqli): 使用此代码可提高安全性(最重要的是,最好使用pdo或mysqli):
if(isset($_POST['Insert'])){ $id = mysql_real_escape_string($_POST['artid']); mysql_query("INSERT INTO test (id) VALUES ('$id')");
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.