这是我的php代码
<?php
$conn=new PDO('mysql:host=xxx; dbname=xxx', 'xxxx', '') or die(mysql_error());
if(isset($_POST['submit'])!=""){
$title = $_POST['title'];// file title
$date = $_POST['date'];// file date
$ref = $_POST['ref'];// file ref
$from_to = $_POST['from_to'];// person incharge
$details = $_POST['details'];// details
$location = $_POST['location'];// file location
$status = $_POST['status'];// file status
$name=$_FILES['photo']['name'];
$size=$_FILES['photo']['size'];
$type=$_FILES['photo']['type'];
$temp=$_FILES['photo']['tmp_name'];
move_uploaded_file($temp,"upload/".$name);
$query=$conn->query("INSERT INTO upload(title, date, ref, from_to, details, location, status, name)VALUES('$title', '$date', '$ref', '$from_to', '$details', '$location', '$status', $name)");
if($query){
header("location:index.php");
}
else{
die(mysqli_error());
}
}
?>
答案 0 :(得分:0)
你最后在名字旁边遗漏了一些引号......
$query=$conn->query("INSERT INTO upload(title, date, ref, from_to, details, location, status, name)VALUES('$title', '$date', '$ref', '$from_to', '$details', '$location', '$status', '$name')");
虽然您应该将其更改为使用预准备语句。