在php中編寫代碼並將數據保存在myphpadmin中，數據不會保存到數據庫中，也不存在任何錯誤

Question

我已將以下代碼將相同的簡單數據寫入SQL。 它所做的一切都正確，只是沒有將數據保存到數據庫中。

if ($_SERVER['REQUEST_METHOD'] == 'POST')    {
    $ename = mysqli_real_escape_string($con,$_POST['ename']);
    $enumber = mysqli_real_escape_string($con,$_POST['enumber']);
    $eemail = mysqli_real_escape_string($con,$_POST['eemail']);
    $eproperty = mysqli_real_escape_string($con,$_POST['eproperty']);
    $emessage = mysqli_real_escape_string($con,$_POST['emessage']);
    $status = "OK";
    $msg="";                                                        
    if ($status=="OK") {
        $query = mysqli_query($con,"insert into enquiry (ename, enumber, eemail, eproperty, emessage) values('$ename', '$enumber', '$eemail', '$eproperty', $'emessage')");
        print "<div class='alert alert-success'>Your property enquiry has been submitted successfully.</div>";
    } else { 
        $errormsg = "<div class='alert alert-danger'>
            <button type='button' class='close' data-dismiss='alert'>&times;</button>
            <i class='fa fa-ban-circle'></i><strong>Please Fix Below Errors : </br></strong>".$msg."</div>"; //printing error if found in validation
    }
}

Answer 1

您的代碼對SQL injections開放，請使用准備好的語句。 錯誤在這里：

values('$ename', '$enumber', '$eemail', '$eproperty', $'emessage')");

這是$'emessage'錯字，因此將其更改為：

'$emessage'

Answer 2

最后一個消息變量未正確添加

$query=mysqli_query($con,"insert into enquiry (ename, enumber, eemail, eproperty, emessage) values('$ename', '$enumber', '$eemail', '$eproperty', '$emessage')");//quote should be before variable itself 

您的代碼很容易受到sql注入的攻擊。 在使用mysqli程序樣式時充分利用准備好的語句

使用准備好的語句，

$stmt = $con->prepare("INSERT INTO enquiry (ename,enumber,eemail,eproperty,emessage) VALUES(?,?,?,?,?)");//bind parameter to prevent sql injection 

$stmt->bind_param('sssss', $ename,$enumber, $eemail,$eproperty,$emessage); 

if($stmt->execute() === true) {
echo 'enquiry saved'; 
} else {
echo 'error'. $stmt->error; 
}