[英]Inserting data into MySQL table with only one column
Here's my HTML code: 这是我的HTML代码:
<html>
<body>
<form action="insert.php" method="post">
Script Name: <input type="text" name="scriptname">
<input type="submit">
</form>
</body>
</html>
Here's my PHP code: 这是我的PHP代码:
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
What I'm trying to do is insert in the table appslist
into the column listall
(the only column in that database). 我正在试图做的是插入表中
appslist
入列listall
(该数据库中的唯一列)。
But I keep getting this error: 但我不断收到此错误:
Error: You have an error in your SQL syntax;
错误:您的SQL语法有错误; check the manual that corresponds to your MySQL server version for the right syntax to use near ''43things clone script' at line 3
检查与您的MySQL服务器版本相对应的手册以获取正确的语法,以在第3行的“ 43things clone script”附近使用
You must close your brackets here: 您必须在这里将方括号括起来:
"INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]')";
Here, do use the following which is a safer method . 在这里,请使用以下更安全的方法 。
To point out where you made your mistake, it was a missing quote '
and a bracket )
in ('$_POST[scriptname]
which should have read as ('$_POST[scriptname]')
(EDIT: As Dan Bracuk pointed out in his comment, thank you Dan.) however, using this method is prone to SQL injection . 要指出,你做你的错误,这是一个缺失报价
'
和支架)
在('$_POST[scriptname]
本应读作('$_POST[scriptname]')
编辑:由于丹Bracuk中指出,他的评论,谢谢Dan。)但是,使用此方法很容易进行SQL注入 。
Also wrapping your table name with backticks is suggested. 建议还用反引号将表名包装起来。
Use the the following (inside commented code below) if you haven't declared your variable. 如果尚未声明变量,请使用以下内容(下面的内部注释代码)。
$scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
Instead of: (Both are in the code below. Simply use the one you need) 而不是:(两者都在下面的代码中。只需使用所需的代码即可)
$scriptname=mysqli_real_escape_string($con,$scriptname);
PHP PHP
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// use the commented one below if you haven't declared your variable.
// $scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
$scriptname=mysqli_real_escape_string($con,$scriptname);
$sql="INSERT INTO `appslist` (listall)
VALUES ('$scriptname')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
use this: 用这个:
$var = mysql_real_escape_string($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES ('$var')";
instead of this: 代替这个:
$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";
You missed ')
at the end of statement and ' ' in $_POST variable 您错过了语句结尾的
')
和$ _POST变量中的''
try this 尝试这个
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$scriptname = stripslashes($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES('$scriptname')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.