[英]I am getting a Syntax Error in SQL
Having trouble submitting data to a database because of syntax error. 由于语法错误,无法将数据提交到数据库。
Database Structure 数据库结构
database: red_fungi
username: fungi_47
password: *******
Table Structure: 表结构:
columns > type 列> 类型
id > int(11)
first_name > text
last_name > text
email > text
phone > text
website > text
description > text
As well as the php code: 以及php代码:
<?php
$servername = "localhost";
$username = "fungi_47";
$password = "********";
$dbname = "red_fungi";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Escape user inputs for security
$first_name = mysqli_real_escape_string($link, $_POST['first_name']);
$last_name = mysqli_real_escape_string($link, $_POST['last_name']);
$email = mysqli_real_escape_string($link, $_POST['email']);
$phone = mysqli_real_escape_string($link, $_POST['phone']);
$website = mysqli_real_escape_string($link, $_POST['website']);
$comment = mysqli_real_escape_string($link, $_POST['comment']);
$hosting = mysqli_real_escape_string($link, $_POST['hosting']);
$sql = "INSERT INTO contact (id, first_name, last_name, email, phone, website, description, hosting)
VALUES (NULL, $first_name, $last_name, $email, $phone, $website, $comment, $hosting)";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
When submitting, I see that the post has been successful: 提交时,我看到该帖子已成功完成:
first_name=Bill&last_name=Nye&email=bill%40nye.com&phone=8888888888&website=billnyefungi.com&comment=help%20me%20make%20a%20fungi%20website&hosting=yes
but the post response shows the following error: 但帖子响应显示以下错误:
Error: INSERT INTO contact (id, first_name, last_name, email, phone, website, description, hosting) VALUES (NULL, , , , , , , )
错误:INSERT INTO联系人(标识,名字,姓氏,电子邮件,电话,网站,描述,托管)值(NULL 、、、、、、、、)
You have an error in your SQL syntax;您的SQL语法有误; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , )' at line 2
检查与您的MySQL服务器版本相对应的手册,以在第2行的',,,,,,'附近使用正确的语法
However I've checked the syntax and can't see anything wrong with it. 但是我已经检查了语法,看不到任何错误。 Any ideas what's going wrong?
任何想法出什么事了吗?
Your sql statement needs to look more like this: 您的sql语句需要看起来像这样:
$sql = "INSERT INTO `contact` (`id`, `first_name`, `last_name`, `email`, `phone`, `website`, `description`, `hosting`)
VALUES (NULL, '{$first_name}', '{$last_name}', '{$email}', '{$phone}', '{$website}', '{$comment}', '{$hosting}')";
The first thing I do when I have a problem like this is echo out the sql and see if there are obvious problems 当我遇到这样的问题时,我要做的第一件事是回显sql,看看是否存在明显的问题
and follow up on all the data validation & security points made by other users. 并跟踪其他用户所做的所有数据验证和安全点。
Your code is assuming that $_POST['XXX'] will be populated, and it isn't. 您的代码假定$ _POST ['XXX']将被填充,而实际上不是。 Thats what all those ,,,,,,,, mean in the error.
多数民众赞成在错误中的所有含义。
Instead, first check if $_POST['XXX'] is created, and has a value prior to using it. 而是先检查$ _POST ['XXX']是否已创建,并在使用前具有一个值。
if ((isset($_POST['first_name'])) && (!empty( $_POST['first_name'])) ) {
//do query and rest of your script
} else { die('Need form input');}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.