我正在尝试创建一个简单的用户插入语句...但它出错...我只尝试使用值并且它有效,它必须是我在insert语句中处理数组的方式吗?
任何想法?
if ($new_user_data) {
$mysqli->query("INSERT INTO users (user_name, user_year, user_sex, user_pic, user_level, user_password, user_email)
VALUES ( ". $new_user_data['user_name'] .",". $new_user_data['user_year'] .",". $new_user_data['user_sex'] .",". $new_user_data['user_pic'] .",1,". $new_user_data['user_password'] .",". $new_user_data['user_email'] ." )");
print_r($mysqli->error);
}
错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.coms )' at line 2
答案 0 :(得分:3)
你需要用引号括起你的字符串:
$mysqli->query("INSERT INTO users (user_name, user_year, user_sex, user_pic, user_level, user_password, user_email)
VALUES ( '". $new_user_data['user_name'] ."','". $new_user_data['user_year'] ."','". $new_user_data['user_sex'] ."','". $new_user_data['user_pic'] ."',1,'". $new_user_data['user_password'] ."','". $new_user_data['user_email'] ." )'");
我知道我看不到你的所有代码,但看起来你对SQL注入很开放。