我想将数据插入我这样设置的数据库
我使用下面这样的查询插入数据,它实际上并没有插入数据库,页面重新加载就是这样。这是print_r()
和var_dump()
的结果。实际查询功能如下。可能是什么问题?我认为它可以是某种类型的文本类型溢出。但我无法弄明白,谢谢你的帮助
print_r()
结果:
insert into professor(name,department,rating,easiness,textbook,course,curve,comment)values('Cherry, Mark','HUMANITIES','8','8','yes','PHIL 3311','no','Go to class. He doesn't require it but it will make the difference between an A or a B. It's very difficult to do anything without being in class. He gives all the answers you need so long as you show up. He's a very good teacher and I would recommend him to someone else')
var_dump()
结果:
string(424) "insert into professor(name,department,rating,easiness,textbook,course,curve,comment)values('Cherry, Mark','HUMANITIES','8','8','yes','PHIL 3311','no','Go to class. He doesn't require it but it will make the difference between an A or a B. It's very difficult to do anything without being in class. He gives all the answers you need so long as you show up. He's a very good teacher and I would recommend him to someone else')" bool(false)
这是我的代码:
function processadd()
{
$name =htmlentities($_POST['prof']);
$department =htmlentities($_POST['depart']);
$rating =htmlentities($_POST['Rating']);
$easy=htmlentities($_POST['Easiness']);
$textbook =htmlentities($_POST['Book']);
$course =htmlentities($_POST['course']);
$curve =htmlentities($_POST['curve']);
$comment =htmlentities($_POST['comment']);
if($course == "" || $comment == "")
{
print"<div class=error><h3> Empty Fields exist!, please fill out completely</h3></div>";
}
else
{
$db = adodbConnect();
$query = "insert into professor(name,department,rating,easiness,textbook,course,curve,comment)values('$name','$department','$rating','$easy','$textbook','$course','$curve','$comment')";
$result = $db -> Execute($query);
}
print_r($query);
print_r($result);
print"<br>";
print"<br>";
print"<br>";
var_dump($query);
var_dump($result);
}
答案 0 :(得分:0)
您的问题可能出现在评论中。看起来你并没有在整个评论中逃脱。尝试插入此声明:
insert into professor(name,department,rating,easiness,textbook,course,curve,comment)
values('Cherry, Mark','HUMANITIES','8','8','yes','PHIL 3311','no','Go to class. He doesn\'t require it but it will make the difference between an A or a B. It\'s very difficult to do anything without being in class. He gives all the answers you need so long as you show up. He\'s a very good teacher and I would recommend him to someone else');
答案 1 :(得分:0)
虽然您没有指定您收到的错误,但我猜测它与您的查询中的引号无关,特别是(但不限于)comment
列
例如,样本中的列是:
去上课。他不需要它,但它会有所作为 在A或B之间。没有存在就很难做任何事情 在班上。只要你出现,他就会提供你需要的所有答案。 他是一位非常好的老师,我会把他推荐给别人
此文本包含多个单引号,这将破坏您的SQL查询并给您一个错误。
您在每个列的输入上使用htmlentities
,但这不会阻止SQL注入;并且,默认情况下,htmlentities
也不会转换单引号。
我不知道您的数据库类正在实现什么MySQL库,但您可能想尝试使用库的转义函数。
例如,如果您使用较旧的mysql_
功能,请为每个值使用mysql_real_escape_string()
代替htmlentities()
。另一方面,如果您使用的是更推荐的MySQLi或PDO类,请将您的查询转换为预备语句。