[英]insert data into database using php
您好,當我直接輸入數據時,我試圖將url中的數據插入數據庫中,但它可以工作,但是當我嘗試使用url方法時,它將停止工作。
你能幫忙看一下代碼和C我在做什么錯
這是我的代碼:
$flight_Number = $_GET['FlightNumber'];
$arrival_Status = $_GET['ArrivalStatus'];
$recipient_Email = $_GET['EmailAddress'];
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
***mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
VALUES ('', '".$flight_Number."','".$arrival_Status."', '".$recipient_Email"' ,'')");***
#mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
#VALUES ( '', '$_GET[FlightNumber]','$_GET[ArrivalStatus]','$_GET[EmailAddress]', '')");
#mysql_query("INSERT INTO landed (priKey, flightNumber,arrivalStatus, recipientEmail, confirmStatus)
#VALUES ( '', 'AK81','Landed', 'soulreaver19802001@yahoo.com', '')");
echo "Database updated with: " .$flight_Number. " ".$arrival_Status.;
mysql_close($con);
?>
您忘記添加.
在$recipient_Email
。
mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
VALUES ('', '".$flight_Number."','".$arrival_Status."', '".$recipient_Email."' ,'')")
使用mysql_real_escape_string進行轉義,否則查詢將查詢是否有其他任何變量包含單引號,並且您的查詢正在邀請某人進行SQL注入 。
假設您正在嘗試通過表單執行此操作,那么表單是否使用method="get"
或method="post"
? 如果使用POST,則需要將PHP從$ _GET更改為$ _POST。
希望此更新對您有所幫助。
function mysqlConnect($host, $user, $password, $database) {
$con = mysql_connect($host, $user, $password);
if (!$con) die('Could not connect: ' . mysql_error());
mysql_select_db($database, $con);
}
mysqlConnect('localhost','root','123456','transport_db');
$flight_Number = isset($_GET['FlightNumber']);
$arrival_Status = isset($_GET['ArrivalStatus']);
$recipient_Email = isset($_GET['EmailAddress']);
$flight_Number = mysql_real_escape_string($flight_Number);
$arrival_Status = mysql_real_escape_string($arrival_Status);
$recipient_Email = mysql_real_escape_string($recipient_Email);
$results = mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
VALUES ('', '$flight_Number','$arrival_Status', '$recipient_Email' ,'')") or die('Could not insert record:'.mysql_error());
if($results)
{
echo "Database updated with: $flight_Number $arrival_Status.";
}
mysql_close($con);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.