仅一列将数据插入MySQL表
[英]Inserting data into MySQL table with only one column
问题描述
Here's my HTML code: 
这是我的HTML代码:
<html>
<body>
<form action="insert.php" method="post">
Script Name: <input type="text" name="scriptname">
<input type="submit">
</form>
</body>
</html>
Here's my PHP code: 这是我的PHP代码:
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
What I'm trying to do is insert in the table appslist into the column listall (the only column in that database). 我正在试图做的是插入表中appslist入列listall (该数据库中的唯一列)。
But I keep getting this error: 但我不断收到此错误:
Error: You have an error in your SQL syntax;
4 个解决方案
解决方案1
2 2013-12-25 18:18:32
You must close your brackets here: 您必须在这里将方括号括起来:
"INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]')";
解决方案2
2 2013-12-25 18:39:44
Here, do use the following which is a safer method . 在这里,请使用以下更安全的方法 。
To point out where you made your mistake, it was a missing quote ' and a bracket ) in ('$_POST[scriptname] which should have read as ('$_POST[scriptname]') (EDIT: As Dan Bracuk pointed out in his comment, thank you Dan.) however, using this method is prone to SQL injection . 要指出,你做你的错误,这是一个缺失报价'和支架)在('$_POST[scriptname]本应读作('$_POST[scriptname]')编辑:由于丹Bracuk中指出,他的评论,谢谢Dan。)但是,使用此方法很容易进行SQL注入 。
Also wrapping your table name with backticks is suggested. 建议还用反引号将表名包装起来。
EDIT: 编辑:
Use the the following (inside commented code below) if you haven't declared your variable. 如果尚未声明变量,请使用以下内容(下面的内部注释代码)。
$scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
Instead of: (Both are in the code below. Simply use the one you need) 而不是:(两者都在下面的代码中。只需使用所需的代码即可)
$scriptname=mysqli_real_escape_string($con,$scriptname);
PHP PHP
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// use the commented one below if you haven't declared your variable.
// $scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
$scriptname=mysqli_real_escape_string($con,$scriptname);
$sql="INSERT INTO `appslist` (listall)
VALUES ('$scriptname')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
解决方案3
0 2013-12-25 18:19:23
use this: 用这个:
$var = mysql_real_escape_string($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES ('$var')";
instead of this: 代替这个:
$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";
You missed ') at the end of statement and ' ' in $_POST variable 您错过了语句结尾的')和$ _POST变量中的''
解决方案4
0 2013-12-25 18:22:10
try this 尝试这个
<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$scriptname = stripslashes($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES('$scriptname')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.