[英]INSERT in MySQL doesn't work
I have a problem with a MySQL request. 我的MySQL请求有问题。 Insertion doesn't work overnight. 插入并非一朝一夕就能完成。 I don't know why. 我不知道为什么
mysql_connect('localhost', 'root', '') or die("Impossible de se connecter : ".mysql_error());
mysql_select_db('db');
$name = mysql_query("SELECT name FROM fruitandvegetable WHERE name='".mysql_real_escape_string(stripcslashes($_POST['name']))."'") or die('Erreur :'.mysql_error());
if (mysql_num_rows($name) != 0) {
$doublonName = "The name already exists";
}
$nombre = mysql_query("SELECT nombre FROM fruitandvegetable WHERE nombre='".mysql_real_escape_string(stripcslashes($_POST['nombre']))."'") or die('Erreur :'.mysql_error());
if (mysql_num_rows($nombre) != 0) {
$doublonNombre = "The number already exists";
} else {
$quer1y = mysql_query("INSERT INTO fruitandvegetable VALUES('', '".$_POST['name']."', 'color', '$month', '$description', '".$_POST['nombre']."')");
}
thanks for your help. 谢谢你的帮助。
You have to specify the column names: 您必须指定列名称:
$quer1y = mysql_query("INSERT INTO fruitandvegetable(column1,col2,col3,...) VALUES('', '".$_POST['name']."', 'color', '$month', '$description', '".$_POST['nombre']."')");
Plus, you should switch to PDO or MySQLi , as mysql_*
functions are deprecated, and you must escape every user input or (better) use prepared statements to prevent SQL injection : 另外,由于不推荐使用mysql_*
函数,因此您应该切换到PDO或MySQLi ,并且必须转义每个用户输入或(更好)使用准备好的语句来防止SQL注入 :
$connect = mysqli_connect("localhost","root","","db");
$name = mysqli_query($connect,"SELECT name FROM fruitandvegetable WHERE name='".mysqli_real_escape_string($connect,stripcslashes($_POST['name']))."'")
or die('Erreur :'.mysqli_error());
if(mysqli_num_rows($name) != 0)
{
$doublonName = "The name already exists";
}
$nombre = mysqli_query($connect,"SELECT nombre FROM fruitandvegetable WHERE nombre='".mysqli_real_escape_string($connect,stripcslashes($_POST['nombre']))."'")
or die('Erreur :'.mysqli_error());
if(mysqli_num_rows($nombre) != 0)
{
$doublonNombre = "The number already exists";
}
else
{
$quer1y = mysqli_query($connect,"INSERT INTO fruitandvegetable VALUES('', '".mysqli_real_escape_string($connect,$_POST['name'])."', 'color', '".mysqli_real_escape_string($connect,$month)."', '".mysqli_real_escape_string($connect,$description)."', '".mysqli_real_escape_string($connect,$_POST['nombre'])."')");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.