我无法执行PHP插入查询
[英]I'm Unable to perform a PHP insert query
问题描述
I'm trying to insert the data in a MYSQL database but it seems that my query is not working i've tried all other methods but nothing is working for me ,Here is the PHP that i'm using 
我正在尝试将数据插入MYSQL数据库中,但似乎我的查询无法正常工作,我尝试了所有其他方法,但没有任何工作对我来说,这是我正在使用的PHP
<?php
$server="localhost";
$database="hospital";
$login="root";
$password="";
$connexion=mysql_connect ($server, $login, $password) or die ('Server cannot be found'.mysql_error ( ));
mysql_select_db ($database,$connexion)or die ('database cannot be found'.mysql_error( ));
$a= mysql_real_escape_string($_POST['doctorname']);
$b = mysql_real_escape_string($_POST['writtendate']);
$c = mysql_real_escape_string($_POST['hospitalname']);
$d = mysql_real_escape_string($_POST['patientname']);
$e = mysql_real_escape_string($_POST['dateofbirth']);
$f= mysql_real_escape_string($_POST['cardnumber']);
$g = mysql_real_escape_string($_POST['groupname']);
$h = mysql_real_escape_string($_POST['drug1']);
$i = mysql_real_escape_string($_POST['drug2']);
$j = mysql_real_escape_string($_POST['drug3']);
$k = mysql_real_escape_string($_POST['drug4']);
$l = mysql_real_escape_string($_POST['amount1']);
$m = mysql_real_escape_string($_POST['amount2']);
$n = mysql_real_escape_string($_POST['amount3']);
$f = mysql_real_escape_string($_POST['principalmembersname']);
if(@$_POST['submit'])
{
$query="insert into uap(doctorname,writtendate,hospitalname,patientname,dateofbirth,cardnumber,groupname,principalmembersname,drug1,drug2,drug3,drug4,amount1,amount2,amount3) values ('$_POST[doctorname]','$_POST[writtendate]','$_POST[hospitalname]','$_POST[patientname]','$_POST[dateofbirth]','$_POST[cardnumber]','$_POST[groupname]','$_POST[principalmembersname]','$_POST[drug1]','$_POST[drug2]','$_POST[drug3]','$_POST[drug4]','$_POST[amount1]','$_POST[amount2]','$_POST[amount3]')";
$answer=mysql_db_query ($database, $query);
}
mysql_close ($connexion);
?>
2 个解决方案
解决方案1
2 2017-05-11 19:08:16
To get you on the right track on using PDO and prepared statements (with named placeholders in this case): 为了使您正确使用PDO和准备好的语句(在这种情况下,使用命名占位符):
<?php
$pdo = new PDO('mysql:host=localhost;dbname=databasename', 'username', 'password');
$statement = $pdo->prepare("INSERT INTO `uap` (`doctorname`,`writtendate`,`hospitalname`,`patientname`,`dateofbirth`,`cardnumber`,`groupname`,`principalmembersname`,`drug1`,`drug2`,`drug3`,`drug4`,`amount1`,`amount2`,`amount3`) VALUES (:doctorname, :writtendate, :hospitalname, :patientname, :dateofbirth, :cardnumber, :groupname, :principalmembersname, :drug1, :drug2, :drug3, :drug4, :amount1, :amount2, :amount3)");
$result = $statement->execute(
array(
'doctorname' => $_POST['doctorname'],
'writtendate' => $_POST['writtendate'],
'hospitalname' => $_POST['hospitalname'],
'patientname' => $_POST['patientname'],
'dateofbirth' => $_POST['dateofbirth'],
'cardnumber' => $_POST['cardnumber'],
'groupname' => $_POST['groupname'],
'principalmembersname' => $_POST['principalmembersname'],
'drug1' => $_POST['drug1'],
'drug2' => $_POST['drug2'],
'drug3' => $_POST['drug3'],
'drug4' => $_POST['drug4'],
'amount1' => $_POST['amount1'],
'amount2' => $_POST['amount2'],
'amount3' => $_POST['amount3']
)
);
if (!$result)
{
echo "SQL Error <br/>";
echo $statement->queryString."<br/>";
echo $statement->errorInfo()[2];
}
Although I still think your schema could use some optimization (eg. a dedicated drug table with a many-to-many relation to patients or whatever this is) 尽管我仍然认为您的架构可以使用一些优化方法(例如,与患者或多对多关系具有专用关系的专用药物表)
解决方案2
0 2017-05-11 19:55:45
The problem with the code that you have above mainly lies in string concatenation. 您上面的代码存在的问题主要在于字符串连接。 In your $query variable you have two primary issues: 在$query变量中,有两个主要问题:
First you have combined array syntax within a quoted string: $query = "insert into uap (...) values ('$_POST[doctorname]')" 首先,您已在带引号的字符串中组合了数组语法: $query = "insert into uap (...) values ('$_POST[doctorname]')"
Second the when you reference arrays like $_POST[doctorname] (without the quotes around the keys) PHP assumes that the unquoted string is a constant that contains the same value as its name. 其次,当您引用$_POST[doctorname]类的数组(键周围没有引号)时,PHP假定未加引号的字符串是一个常量,该常量包含与其名称相同的值。 That makes this seem like proper code, but it is actually very, VERY messy. 这使它看起来像是正确的代码,但实际上非常混乱。
The PHP interpreter cannot understand exactly what you are trying to do in this case and ends up stopping concatenation at the $_POST variable. 在这种情况下,PHP解释器无法完全理解您要执行的操作,最终导致在$ _POST变量处停止并置。 So your resultant string probably looks something like this: insert into uap (...) values ('array[doctorname]') . 因此,结果字符串可能看起来像这样: insert into uap (...) values ('array[doctorname]') 。 You can correct this by using braces to tell the PHP interpreter to use the whole array syntax in the string: $query = "insert into uap (...) values ('{$_POST['doctorname']}')" or by using the concatenation . 您可以通过使用花括号告诉PHP解释器使用字符串中的整个数组语法来纠正此问题: $query = "insert into uap (...) values ('{$_POST['doctorname']}')"或通过使用串联. operator to perform proper string concatenation: $query = 'insert into uap (...) values ('".$_POST['doctorname']."')" . 操作符以执行正确的字符串连接: $query = 'insert into uap (...) values ('".$_POST['doctorname']."')" 。
You simplest solution however, is to use the variables that you had specified above in your code. 但是,最简单的解决方案是使用上面在代码中指定的变量。 You final $query variable should look something like this (which will also use the `mysql_escape_string() function that you used above): 最后的$query变量应如下所示(它还将使用上面使用的`mysql_escape_string()函数):
<?php
$server="localhost";
$database="hospital";
$login="root";
$password="";
$connexion=mysql_connect ($server, $login, $password) or die ('Server cannot be found'.mysql_error ( ));
mysql_select_db ($database,$connexion)or die ('database cannot be found'.mysql_error( ));
$doctorname = mysql_real_escape_string($_POST['doctorname']);
$writtendate = mysql_real_escape_string($_POST['writtendate']);
$hospitalname = mysql_real_escape_string($_POST['hospitalname']);
$patientname = mysql_real_escape_string($_POST['patientname']);
$datofbirth = mysql_real_escape_string($_POST['dateofbirth']);
$cardnumber = mysql_real_escape_string($_POST['cardnumber']);
$groupname = mysql_real_escape_string($_POST['groupname']);
$drug1 = mysql_real_escape_string($_POST['drug1']);
$drug2 = mysql_real_escape_string($_POST['drug2']);
$drug3 = mysql_real_escape_string($_POST['drug3']);
$drug4 = mysql_real_escape_string($_POST['drug4']);
$amount1 = mysql_real_escape_string($_POST['amount1']);
$amount2 = mysql_real_escape_string($_POST['amount2']);
$amount3 = mysql_real_escape_string($_POST['amount3']);
$principlemembersname = mysql_real_escape_string($_POST['principalmembersname']);
if(@$_POST['submit'])
{
$query = "insert into uap(doctorname,writtendate,hospitalname,patientname,dateofbirth,cardnumber,groupname,principalmembersname,drug1,drug2,drug3,drug4,amount1,amount2,amount3)
values ('$doctorname','$writtendate','$hospitalname','$patientname','$datofbirth','$cardnumber','$groupname','$principlemembersname','$drug1','$drug2','$drug3','$drug4','$amount1','$amount2','$amount3')";
$answer=mysql_db_query ($database, $query);
}
mysql_close ($connexion);
?>
As noted by other users it would be a good idea to convert this code to use PDO and prepared statements as the mysql functions in PHP are deprecated. 正如其他用户所指出的那样,由于不建议使用PHP中的mysql函数,因此最好将此代码转换为使用PDO和准备好的语句。
Good luck! 祝好运! I hope this helps! 我希望这有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.