PHP和MYSQL - 在数据库中插入数据失败
[英]PHP&MYSQL - Failed inserting data in database
问题描述
II created a form for inserting a new company and also on this page it is the PHP script which insert the data into the database. 
II创建了一个用于插入新公司的表单,并且在该页面上,它是将数据插入数据库的PHP脚本。
I don`t know where it is the mistake in this code. 我不知道这段代码中的错误在哪里。
<?php
if (isset($_POST['submit']))
{
// Form has been submitted.
$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
VALUES ('{$_POST['name']}', '{$_POST['domain']}', '{$_POST['subdomain1']}',
'{$_POST['subdomain2']}', '{$_POST['position']}', '{$_POST['country']}', '{$_POST['city']}',
'{$_POST['district']}', '{$_POST['contact']}', '{$_POST['setdate']}', '{$_POST['address']}', '{$_POST['phone']}',
'{$_POST['areacode']}, '{$_POST['website']}', '{$_POST['fax']}', '{$_POST['email']}')");
$result = mysql_query($query, $connection);
if (!$result) {
echo "The company was not created.";
} else {
echo "The company was successfully created.";
}
}
?>
3 个解决方案
解决方案1
2 已采纳 2013-02-03 11:06:23
rewrite your code and remove those {} from the variables like that 重写你的代码并从那些变量中删除那些{}
VALUES ('$_POST['name']','$_POST['domain']', '$_POST['subdomain1']',...
1- be sure to escape them before you send them to database . 1-在将它们发送到数据库之前,请务必将它们转义。
2-dont use mysql , use pdo or mysqli 2 - 不要使用mysql,使用pdo或mysqli
to escape them do like that: 逃避他们是这样的:
$name = mysql_real_escape_string($_POST['name']) ;
and then pass it to ur query like that 然后将它传递给你的查询
VALUES ('$name', .... <-- same with other columns
EDIT- 编辑-
Try this 尝试这个
if (isset($_POST['submit'])) { // Form has been submitted.
$name = mysql_real_escape_string($_POST['name']) ;
$subdomain0 = mysql_real_escape_string($_POST['subdomain0']) ;
$subdomain1 = mysql_real_escape_string($_POST['subdomain1']) ;
$subdomain2 = mysql_real_escape_string($_POST['subdomain2']) ;
$position = mysql_real_escape_string($_POST['position']) ;
$country = mysql_real_escape_string($_POST['country']) ;
$city = mysql_real_escape_string($_POST['city']) ;
$district = mysql_real_escape_string($_POST['district']) ;
$contact = mysql_real_escape_string($_POST['contact']) ;
$set_up_date = mysql_real_escape_string($_POST['setdate']) ;
$address = mysql_real_escape_string($_POST['address']) ;
$phone = mysql_real_escape_string($_POST['phone']) ;
$areacode = mysql_real_escape_string($_POST['areacode']) ;
$website = mysql_real_escape_string($_POST['website']) ;
$fax = mysql_real_escape_string($_POST['fax']) ;
$email = mysql_real_escape_string($_POST['email']) ;
$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
VALUES ('$_POST['name']', '$subdomain0', '$subdomain1',
'$subdomain2', '$position', '$country', '$city',
'$district', '$contact', '$set_up_date', '$address', '$phone',
'$areacode, '$website', '$fax', '$email')");
echo "The company was successfully created.";
else {
echo "The company was not created.";
}
}
?>
解决方案2
0 2013-02-03 11:11:37
INSERT INTO companies
SET name = $name,
subdomain0 = $domain,
subdomain1 = $doamin1
so on 等等
解决方案3
0 2013-02-03 11:14:51
you have to be careful with sql injections . 你必须小心sql注入 。 you can go through the link to know of other options to mysql_* functions, as it is deprecated. 您可以通过链接了解mysql_ *函数的其他选项,因为它已被弃用。
also its always better to try to find out the error by using mysql_error function to print out the error. 通过使用mysql_error函数打印出错误,尝试找出错误总是更好。 (check the link for alternatives as this too is getting deprecated) (检查替代品的链接,因为这也被弃用)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.