这是接受的语法吗?更重要的是,它会起作用吗?
$temp = mysql_query("INSERT INTO streamer_ids (username,streamer_id,premium) VALUES($username,$randstring,0)");
$temp->closeCursor();
答案 0 :(得分:3)
您需要在字符串周围加上引号才能使其正常工作。
mysql_query("INSERT INTO streamer_ids (username,streamer_id,premium)
VALUES('$username', '$randstring', '0')");
SP。如果你连接到MySQL,那么它将适用于这些变化。另外,不要忘记采取针对SQL注入攻击的预防措施。为此,您应该在运行查询之前对所有变量执行此操作:
$username = mysql_real_escape_string($username);
$randstring = mysql_real_escape_string($randstring);
$premium = intval($premium); //supposing it is always integer.
答案 1 :(得分:0)
$tempquery = "INSERT INTO streamer_ids (username,streamer_id,premium) VALUES($username,$randstring,0);
$result = mysql_query($tempquery);
感谢。