我收到以下错误:
错误:您的SQL语法出错;查看与您的MySQL服务器版本对应的手册,以便在第3行使用'','ax @ yahoo.com','132344545','y8khoob5')附近的正确语法
这是我的代码:
<?php
if (!isset($_POST['submit'])) {
$link = mysql_connect("localhost","root","");
if (!$link)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("sh", $link);
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$confirmation = createRandomPassword();
$datein = $_POST['start'];
$dateout = $_POST['end'];
$name = $_POST['name'];
$address = $_POST['address'];;
$email = $_POST['email'];
$contact = $_POST['contact'];
$status= 'Active';
$sql="INSERT INTO reservation (datein, dateout, name, address, email, contact, confirmation)
VALUES
('$datein','$dateout','$name',$address','$email','$contact','$confirmation')";
mysql_query("INSERT INTO resinvent (datein, dateout, confirmation, status) VALUES ('$datein','$dateout','$confirmation','$status')");
if (!mysql_query($sql,$link))
{
die('Error: ' . mysql_error());
}
}
mysql_close($link)
?>
答案 0 :(得分:5)
您错过了$address'
在
VALUES ('$datein','$dateout','$name', $address',
^ right there
所以:
VALUES ('$datein','$dateout','$name','$address',
mysqli with prepared statements或PDO with prepared statements,它们更安全。