插入语法错误
[英]Error in insert syntax
问题描述
I have been working on a simple php code which links a html form to a mySQL database.
我一直在研究一个简单的 php 代码,它将一个 html 表单链接到一个 mySQL 数据库。 I have installed xampp and am running Apache and mySQL but I cannot seem to solve the problem.我已经安装了 xampp 并且正在运行 Apache 和 mySQL,但我似乎无法解决问题。 Error Alert错误提示
So I've tried several different things in order to fix this syntax error: Syntax Error Location所以我尝试了几种不同的方法来修复这个语法错误: Syntax Error Location
This has been a very big annoyance so if anyone could help me out it would be greatly appreciated.这是一个非常大的烦恼,所以如果有人能帮助我,我将不胜感激。 I also attacted my entire php code but it cut off the php ending.我也加入了我的整个 php 代码,但它切断了 php 结尾。 Entire Code完整代码
Thanks and hope to hear from you soon!感谢并希望尽快收到您的来信!
1 个解决方案
解决方案1
1 2018-08-21 22:57:25
Replace your insert with following insert用以下插入物替换您的插入物
$insert = $conn->prepare("INSERT INTO `general` (email, psw, firstname, lastname) VALUES (?, ?, ?, ?)");
$insert->bind_param("ssss", $email, $psw, $firstname, $lastname);
and then instead of然后代替
$conn->query($sql);
use用
$insert->execute();
This way you will protect your database from SQL injection attack.这样您就可以保护您的数据库免受 SQL 注入攻击。 Well at least in this case.好吧,至少在这种情况下。 This is called prepared statement and you should use them everywhere, where user created data may enter your Database query.这称为准备好的语句,您应该在任何地方使用它们,用户创建的数据可能会输入您的数据库查询。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.