我在将一个表单中的数据插入到我的数据库中时出现了一个小问题,以下是INSERT语句:
if (isset($_REQUEST['Submit'])) {
// Code to insert note into field;
$sql = "INSERT INTO fields (notes) VALUES
('".mysql_real_escape_string(stripslashes($_REQUEST['note']))."')
WHERE companyId='".$companyid['id']."' AND fileNumber ='".$filename."'";
if($result = mysql_query($sql)) {
echo "<h1>Thank you</h1>Your information has been entered into our database<br><br>";
} else {
echo "ERROR: ".mysql_error();
}
} else {
生成此错误消息:
ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE companyId='11' AND fileNumber =''' at line 1
首先,$ filename变量显然没有显示,我可以将$ companyid [id] var复制到字段中,它会正确显示var内容,但仍会引发语法错误。
我是一名PHP SQL菜鸟,正在自学,所以请温柔地对待我:)
下面是完整的代码减去表格
<?php
include "header.php";
$checkFiles = "checkFiles.php";
// Catches form input from previous page and stores it into session variable called filename for future reference;
$_SESSION['filename']=$_POST['filename'];
$filename = $_SESSION['filename'];
//User id stuff from previous page too;
$userid = $_SESSION['userid'];
$id = mysql_query("SELECT id FROM users WHERE DXNumber='".$userid."'");
// Returns pointer so fetch it as an array and insert it into variable $companyid for later use;
$companyid = mysql_fetch_array($id);
if (isset($_REQUEST['Submit'])) {
// Code to insert note into field;
$sql = "INSERT INTO fields (notes) VALUES ('".mysql_real_escape_string(stripslashes($_REQUEST['note']))."')
WHERE companyId='".$companyid['id']."' AND fileNumber ='".$filename."'";
if($result = mysql_query($sql)) {
echo "<h1>Thank you</h1>Your information has been entered into our database<br><br>";
} else {
echo "ERROR: ".mysql_error();
}
} else {
?>
答案 0 :(得分:2)
INSERT INTO语句没有WHERE条款。
它应该是INSERT INTO <table> (field1, field2, field3) VALUES (value1, value2, value3)
而不是INSERT INTO <table> (field1) VALUES (value1) WHERE field2 = value2等。