Through the prompt method, I'm taking the name of the person to create a table. The method is working and the name is being parsed by the PHP script. But no matter what, the table is not getting created and I'm getting the following:
ERROR: Could not able to execute CREATE TABLE kat (Item VARCHAR(50) , Quantity INTEGER, Price REAL).
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'kat (Item VARCHAR(' at line 1 "
echo("<script type='text/javascript'> var answer = prompt('Enter name'); </script>");
$na= "<script type='text/javascript'> document.write(answer); </script>";
$sql = "CREATE TABLE $na (Item VARCHAR(50) , Quantity INTEGER, Price REAL)";
if(mysqli_query($conn, $sql)){
echo "Table created successfully.";}
else {
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
The problem is that you are sending the following as the name of the table (expansion of $na):
<script type='text/javascript'> document.write(answer); </script>
which shows as kat in your error message in the browser, but in reality it is the JavaScript code above, which produces an invalid SQL statement. $na should be set to something you send to the web server via GET or POST, which will be available in the $_GET, $_POST, or $_REQUEST variables, or in the php://input stream if you send it in the body of the POST request, e.g. as JSON. Another issue, but nevertheless worth mentioning - make sure to sanitize the user input to avoid the possibility of SQL injection.
So, for example, have a POST form with a field answer that you send to the server, and then $na = mysqli_escape_string($conn, $_POST["answer"]); followed by $sql = "create table `$na` (Item VARCHAR(50) , Quantity INTEGER, Price REAL)"; and the rest of your code.
Add your connection to $con.
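String escaping of the kind used in the answer above targets quote characters and leaves backticks alone, so it cannot keep a value inside a backtick-quoted identifier; accepting only names that match an allow-list pattern closes that gap. The following is an added example, not code from the question or the answer; the helper names valid_table_name and create_table_sql and the sample inputs are made up for illustration, and the commented handler assumes a POST field named answer and an open mysqli handle $conn.

```php
<?php
/**
 * Return the name if it is safe to use as a table identifier, else null.
 * Allow-list: a letter followed by letters, digits or underscores,
 * at most 64 characters (the MySQL/MariaDB table-name length limit).
 */
function valid_table_name(string $raw): ?string
{
    $name = trim($raw);
    return preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,63}\z/', $name) === 1
        ? $name
        : null;
}

/** Build the CREATE TABLE statement, or return null for a rejected name. */
function create_table_sql(string $raw): ?string
{
    $name = valid_table_name($raw);
    if ($name === null) {
        return null;
    }
    // Only allow-listed characters reach the identifier position.
    return "CREATE TABLE `$name` (Item VARCHAR(50), Quantity INTEGER, Price REAL)";
}

// Constructed sample inputs: a plain name, the markup the question's code
// actually sent as $na, a name containing a backtick, and an empty value.
$samples = [
    'kat',
    "<script type='text/javascript'> document.write(answer); </script>",
    'ka`t',
    '',
];
foreach ($samples as $s) {
    $sql = create_table_sql($s);
    echo var_export($s, true), ' => ', $sql ?? 'REJECTED', PHP_EOL;
}

// In the request handler (needs a live connection, so left commented out):
// $sql = create_table_sql($_POST['answer'] ?? '');
// if ($sql === null) { http_response_code(400); exit('Invalid table name'); }
// if (!mysqli_query($conn, $sql)) { error_log(mysqli_error($conn)); }
```

Only the first sample yields a statement; the other three are rejected before any SQL is built.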