我正在尝试将一个字符串变量从一个表单插入到mysql中,但它一直给我一个错误,并且在错误中它会切断部分语句,所以我认为这是一个问题,因为有一个逗号在字符串......
以下是一些示例代码:
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
$startcode = $_POST['messagefield'];
$replaced = preg_replace( '/\\\\(?="|\')/', '', $startcode );
/* NEW CODE */
/*selectleads[] is now an array of your database's ids.
You can now run a query to get whatever information you
need. In this case, you want the email addresses, so:
*/
$collectedleads = $_POST['selectleads'];
$emailaddylist = array();
foreach ($collectedleads as $id) {
$colname_rs_SelectedLeads = $id;
mysql_select_db($database_myBackOfficeConn, $myBackOfficeConn);
$query_rs_SelectedLeads = sprintf("SELECT * FROM Leads WHERE `Id` = %s", GetSQLValueString($colname_rs_SelectedLeads, "text"));
$rs_SelectedLeads = mysql_query($query_rs_SelectedLeads, $myBackOfficeConn) or die(mysql_error());
$row_rs_SelectedLeads = mysql_fetch_assoc($rs_SelectedLeads);
$totalRows_rs_SelectedLeads = mysql_num_rows($rs_SelectedLeads);
$emailaddylist[] = $row_rs_SelectedLeads['Email'];
$nameaddylist[] = $row_rs_SelectedLeads['FullName'];
}
/*Now you have an array of email addresses that correspond to
the ids you were sent via $_POST.
*/
$emailaddystring = implode(", ", $emailaddylist);
$nameaddystring = implode(", ", $nameaddylist);
echo $emailaddystring . "</br>";
echo $nameaddystring;
$insertSQL = sprintf("INSERT INTO PendingEmails (to, NameTo, subject, message) VALUES ('%s', '%s', '%s', '%s')",
GetSQLValueString($emailaddystring, "text"),
GetSQLValueString($nameaddystring, "text"),
GetSQLValueString($_POST['subjectfield'], "text"),
GetSQLValueString($replaced, "text"));
mysql_select_db($database_myBackOfficeConn, $myBackOfficeConn);
$Result1 = mysql_query($insertSQL, $myBackOfficeConn) or die(mysql_error());
/*$insertGoTo = "View Folder.php?Folder=" . $_POST['Folder'] . "";
header(sprintf("Location: %s", $insertGoTo));*/
mysql_free_result($rs_SelectedLeads);
}
以下是实际表格:
<form action="<?php echo $editFormAction; ?>" method="POST" enctype="application/x-www-form-urlencoded" name="form" id="sendemailform">
<fieldset>
<div class="emailtablecontainer">
<table width="525" border="0" cellspacing="10">
<tr>
<td><label>To:</label></td>
<td><select data-placeholder="Select Lead(s) To Email..." multiple="true" class="chzn-container-multi" name="selectleads[]"style="width:505px;">
<?php
do {
?>
<option value="<?php echo $row_rsAllLeads['Id']; ?>"><?php echo $row_rsAllLeads['FullName']?></option>
<?php
} while ($row_rsAllLeads = mysql_fetch_assoc($rsAllLeads));
$rows = mysql_num_rows($rsAllLeads);
if($rows > 0) {
mysql_data_seek($rsAllLeads, 0);
$row_rsAllLeads = mysql_fetch_assoc($rsAllLeads);
}
?>
</select></td>
</tr>
<tr>
<td><label>Subject:</label></td>
<td><input class="inputs" name="subjectfield" type="text"></td>
</tr>
<tr>
<td><label>Message:</label></td>
<td><textarea id="sendemailtextarea" name="messagefield"></textarea></td>
<script>
CKEDITOR.replace( 'sendemailtextarea',
{
toolbar : 'SendEmailToolbar',
uiColor: '#94B0C1',
height : '62'
});
</script>
</tr>
</table>
</div>
<input class="submitemailbuttonsprite submitemailbutton1" name="submitemail" type="submit" value="Send Email(s)">
</fieldset>
<input type="hidden" name="MM_insert" value="form">
</form>
以下是错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to, NameTo, subject, message) VALUES (''Praesent.luctus.Curabitur@velturpis.edu,' at line 1
有什么建议吗?
答案 0 :(得分:3)
看起来你生成的sql有太多的单引号(')
(''Praesent.luctus.
答案 1 :(得分:0)
您需要在值之间转义逗号:
$string = 'string with commas\,string with more commas\,end of the string';
$sql = "INSERT INTO table_name (row_name) VALUES (:string)";
$q = $conn->prepare($sql);
$q->execute(array(': row_name'=>$string);