代码很简单 - 从表单中获取值,将其插入到mysql DB中。这是一个片段:
//connect to DB
$dbh = new PDO($db_pdo, $db_user_name, $db_password);
//capture value from form
$first_name = $_POST['first_name'];
//insert value into DB (doesn't work- no new entry created in requests)
$dbh->exec("INSERT INTO requests(first_name) VALUES($first_name)");
//this echo statement works (outputs the value of $first_name):
echo "\$first_name ".$first_name;
//this insert statement works:
$dbh->exec("INSERT INTO requests(first_name) VALUES('oleg')");
答案 0 :(得分:3)
没错,你必须引用你的字符串。
$dbh->exec("INSERT INTO requests(first_name) VALUES('$first_name')");
但是这段代码很容易受到SQL注入攻击。我不确定你如何在PHP中保护它。