我是PHP的新手,对MySQLi和都很新。我试图在由5个变量组成的数据库中插入一行。
if($_POST['submit']) {
$title = mysqli_escape_string($_POST['title']);
$content = $_POST['content'];
$author = $_SESSION['fullname'];
$publishedtime = time();
$pageID = $_POST['pageid'];
$connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($connection->errno) {
printf("Connection failed: %s\n", $connection->error);
exit();
}
$author = $_SESSION['fullname'];
$publishedtime = time();
$q = "INSERT INTO posts (title, content, author, publishedtime, pageID) VALUES ('".$title."', '".$content."', '".$author."', '".$publishedtime."', '".$pageID."')";
if (!$dbc->query($q)) {
echo "INSERT failed: (" . $dbc->errno . ") " . $dbc->error;
}
echo "Newest user id = ",$dbc->insert_id;
$connection->close();
}
else {
addPostForm();
}
我收到了这些错误:
警告:mysqli_escape_string()需要2个参数,第11行/admin/manage.php中给出的参数为1
致命错误:在第27行的/admin/manage.php中调用非对象的成员函数query()
我可以很好地阅读数据库,但无法插入数据库。
由于
答案 0 :(得分:3)
如果您在创建real_escape_string对象后使用mysqli,则可以使用
$connection->real_escape_string($_POST['title'])
http://www.php.net/manual/en/mysqli.real-escape-string.php
至于查询错误...... $dbc来自哪里?!你会想要使用:
$connection->query(...);