无法使用查询使用 PHP 将数据插入数据库

Question

Everything works up until the query for inserting the data into the database.一切正常，直到查询将数据插入数据库。 I've tried using only one variable to insert into the database and I still can't get the query to run correctly.我试过只使用一个变量插入数据库，但仍然无法正确运行查询。 It may just be a simple typo that I'm missing but I can't seem to find it.这可能只是我遗漏的一个简单的错字，但我似乎找不到它。

HTML select page HTML 选择页面

 <!DOCTYPE html> <html> <head> <title></title> <style> * { margin: 0; padding: 0; } #container { margin: 15px auto; width: 700px; border: 1px solid #cccccc; border-radius: 3px; } .title-container { padding: 20px; } .title { font-size: 28px; margin: 20px; } .price { color: red; } img { width: 100%; height: auto; margin: 0; padding: 0; } #submit { width: 100%; text-align: center; background-color: red; color: white; padding: 15px; border: 0; margin-bottom: 20px; font-size: 20px; } </style> </head> <body> <div id="container"> <form action="checkout.php" method="post"> <div class="product"> <div class="title-container"> <input type="radio" name="game" value="Assassin's Creed II"><span class="title">Assassin's Creed II - <span class="price">$15.99</span><br /> </div> <img src="assassin2.png"> </div> <div class="product"> <div class="title-container"> <input type="radio" name="game" value="Assassin's Creed Brotherhood"><span class="title">Assassin's Creed Brotherhood - <span class="price">$19.99</span><br /> </div> <img src="brotherhood.jpg"> </div> <div class="product"> <div class="title-container"> <input type="radio" name="game" value="Assassin's Creed Revelations"><span class="title">Assassin's Creed Revelations - <span class="price">$24.99</span><br /> </div> <img src="revelations.jpg"> </div> <h4>Enter quantity: <input type="number" size="2" name="qty"></h4> <input type="submit" value="Checkout" id="submit"> </form> </div> </body> </html>

PHP order overview page PHP 订单概览页面

 <?php session_start(); $game = $_POST['game']; $qty = $_POST['qty']; $_SESSION['sale_game'] = $game; $_SESSION['sale_qty'] = $qty; $price; $subtotal; if ($game == "Assassin's Creed II") { $price = 15.99; } elseif ($game == "Assassin's Creed Brotherhood") { $price = 19.99; } elseif ($game == "Assassin's Creed Revelations") { $price = 24.99; } $_SESSION['sale_price'] = $price; $subtotal = $price * $qty; $_SESSION['sale_subtotal'] = $subtotal; ?> <!DOCTYPE html> <html> <head> <title></title> <style> * { margin: 0; padding: 0; } #container { width: 1000px; margin: 15px auto; border: 1px solid black; overflow: auto; } #image-container { float: left; padding: 10px; } #info-container { float: left; padding: 20px; } h3 { margin-left: 10px; } p { margin: 10px; } #price { color: red; } #user-info-container { clear: both; padding: 10px; } h2 { color: red; } table { margin: 20px auto; font-size: 24px; } input { font-size: 18px; } #submit { color: white; background-color: red; border: 0; padding: 10px; border-radius: 3px; } </style> </head> <body> <div id="container"> <div id="image-container"> <?php if ($game == "Assassin's Creed II") { echo "<img src='assassin2.png' width='300' height='170'/>"; } elseif ($game == "Assassin's Creed Brotherhood") { echo "<img src='brotherhood.jpg' width='300' height='170'/>"; } elseif ($game == "Assassin's Creed Revelations") { echo "<img src='revelations.jpg' width='300' height='170' />"; } ?> </div> <div id="info-container"> <h3>Checkout Info</h3> <p><strong>Game:</strong> <?php echo $game; ?></p> <p><strong>Price:</strong> <span id="price">$<?php echo $price; ?></span></p> <p><strong>Quantity:</strong> <?php echo $qty; ?></p> <p><strong>Subtotal:</strong> $<?php echo $subtotal; ?></p> </div> <hr style="clear: both; margin: 10px"> <div id="user-info-container"> <h2>Enter your information</h2> <form action="insert.php" method="post"> <table cellspacing="10"> <tr> <td>First Name</td> <td>Last Name</td> </tr> <tr> <td><input type="text" name="fName"></td> <td><input type="text" name="lName"></td> </tr> <tr> <td>Address</td> <td></td> </tr> <tr> <td colspan="2"><input type="text" name="address" style="width: 99%"></td> </tr> <tr> <td>City</td> <td>State</td> </tr> <tr> <td><input type="text" name="city"></td> <td><input type="text" name="state"></td> </tr> <tr> <td>ZIP</td> <td>Email</td> </tr> <tr> <td><input type="number" name="zip"></td> <td><input type="text" name="email"></td> </tr> <tr> <td colspan="2" style="text-align: center;"><input type="submit" value="Submit Order" id="submit"></td> </tr> </table> </form> </div> </div> </body> </html>

PHP insert page PHP 插入页面

 <?php session_start(); $game = $_SESSION['sale_game']; $qty = $_SESSION['sale_qty']; $price = $_SESSION['sale_price']; $subtotal = $_SESSION['sale_subtotal']; $fName = $_POST['fName']; $lName = $_POST['lName']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; $email = $_POST['email']; $con = new mysqli('localhost', 'root', 'root', 'purchases'); if (!$con) { echo "Not connected to database"; } else { $query = "INSERT INTO orders (Game, Price, Quantity, Total, fName, lName, Address, City, State, Zip, Email) VALUES ('$game', '$price', '$qty', '$subtotal', '$fName', '$lName', '$address', '$city', '$state', '$zip', '$email')"; if ($con->query($query) === TRUE) { echo "Inserted"; } else { echo "Not Inserted"; } } ?> <!DOCTYPE html> <html> <head> <title></title> <style> * { margin: 0; padding: 0; } #container { top: 50%; left: 50%; position: absolute; border: 1px solid black; } </style> </head> <body> <div id="container"> <p> </p> </div> </body> </html>

Answer 1

Try to escape strings:尝试转义字符串：

<?php
        session_start();
        $con = new mysqli('localhost', 'root', 'root', 'purchases');
        if (!$con) {
            echo "Not connected to database";
        } else {
            $game = mysqli_real_escape_string($con,$_SESSION['sale_game']);
            $qty = mysqli_real_escape_string($con,$_SESSION['sale_qty']);
            $price = mysqli_real_escape_string($con,$_SESSION['sale_price']);
            $subtotal = mysqli_real_escape_string($con,$_SESSION['sale_subtotal']);
            $fName = mysqli_real_escape_string($con,$_POST['fName']);
            $lName = mysqli_real_escape_string($con,$_POST['lName']);
            $address = mysqli_real_escape_string($con,$_POST['address']);
            $city = mysqli_real_escape_string($con,$_POST['city']);
            $state = mysqli_real_escape_string($con,$_POST['state']);
            $zip = mysqli_real_escape_string($con,$_POST['zip']);
            $email = mysqli_real_escape_string($con,$_POST['email']);
            $query = "INSERT INTO orders (Game, Price, Quantity, Total, fName, lName, Address, City, State, Zip, Email) VALUES ('$game', '$price', '$qty', '$subtotal', '$fName', '$lName', '$address', '$city', '$state', '$zip', '$email')";
            if ($con->query($query) === TRUE) {
                echo "Inserted";
            } else {
                echo "Not Inserted";
            }
        }
    ?>

Answer 2

you should use prepared statement and placeholders你应该使用准备好的语句和占位符

$con = new mysqli('localhost', 'root', 'root', 'purchases');
    if (!$con) {
        echo "Not connected to database";
    } else {
        $query = "INSERT INTO orders (Game, Price, Quantity, Total, fName, lName, Address, City, State, Zip, Email) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = $con->prepare($query);
$stmt->bind_param("s", $game);
$stmt->bind_param("d", $price);
$stmt->bind_param("i", $qty);
$stmt->bind_param("d", $subtotal);
$stmt->bind_param("s", $fName);
$stmt->bind_param("s", $lName);
$stmt->bind_param("s", $address);
$stmt->bind_param("s", $state);
$stmt->bind_param("s", $zip);
$stmt->bind_param("s", $email);


        if ($stmt->execute() === TRUE) {
            echo "Inserted";
        } else {
            echo "Not Inserted";
        }
    }

无法使用查询使用 PHP 将数据插入数据库

问题描述

2 个解决方案

解决方案1
0 2017-10-25 09:35:29

解决方案2
0 2017-10-25 09:54:42

无法使用查询使用 PHP 将数据插入数据库

问题描述

2 个解决方案

解决方案1 0 2017-10-25 09:35:29

解决方案2 0 2017-10-25 09:54:42

解决方案1
0 2017-10-25 09:35:29

解决方案2
0 2017-10-25 09:54:42