Question

II创建了一个用于插入新公司的表单，并且在此页面上还有将脚本数据插入数据库的PHP脚本。

我不知道这段代码中的错误在哪里。

<?php
if (isset($_POST['submit']))
{
    // Form has been submitted.
    $query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2, 
    position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
    VALUES ('{$_POST['name']}', '{$_POST['domain']}', '{$_POST['subdomain1']}',
    '{$_POST['subdomain2']}', '{$_POST['position']}', '{$_POST['country']}', '{$_POST['city']}',
    '{$_POST['district']}', '{$_POST['contact']}', '{$_POST['setdate']}', '{$_POST['address']}', '{$_POST['phone']}',
    '{$_POST['areacode']}, '{$_POST['website']}', '{$_POST['fax']}', '{$_POST['email']}')");

    $result = mysql_query($query, $connection);
    if (!$result) {
        echo  "The company was not created.";
    } else {
        echo  "The company was successfully created.";
    }
}
?>

Answer 1

重写代码并从像

这样的变量中删除{}

    VALUES ('$_POST['name']','$_POST['domain']', '$_POST['subdomain1']',...

1-确保在将它们发送到数据库之前将其转义。

2 - 不要使用mysql，使用pdo或mysqli

逃避他们就是这样：

 $name = mysql_real_escape_string($_POST['name']) ;

然后将其传递给你的查询

    VALUES ('$name', .... <-- same with other columns

编辑 -

试试这个

  if (isset($_POST['submit'])) { // Form has been submitted.

  $name = mysql_real_escape_string($_POST['name']) ;
  $subdomain0 = mysql_real_escape_string($_POST['subdomain0']) ;
  $subdomain1 = mysql_real_escape_string($_POST['subdomain1']) ;
  $subdomain2 = mysql_real_escape_string($_POST['subdomain2']) ;
  $position = mysql_real_escape_string($_POST['position']) ;
  $country = mysql_real_escape_string($_POST['country']) ;
  $city = mysql_real_escape_string($_POST['city']) ;
  $district = mysql_real_escape_string($_POST['district']) ;
  $contact = mysql_real_escape_string($_POST['contact']) ;
  $set_up_date = mysql_real_escape_string($_POST['setdate']) ;
  $address = mysql_real_escape_string($_POST['address']) ;
  $phone = mysql_real_escape_string($_POST['phone']) ;
  $areacode = mysql_real_escape_string($_POST['areacode']) ;
  $website = mysql_real_escape_string($_POST['website']) ;
  $fax = mysql_real_escape_string($_POST['fax']) ;
  $email = mysql_real_escape_string($_POST['email']) ;

 $query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1,  subdomain2, 
 position, country, city, district, contact, set_up_date, address, phone,   area_phone_code, website, fax, email)
  VALUES ('$_POST['name']', '$subdomain0', '$subdomain1',
  '$subdomain2', '$position', '$country',  '$city',
   '$district', '$contact', '$set_up_date',  '$address', '$phone',
   '$areacode, '$website', '$fax', '$email')");

      echo  "The company was successfully created.";
     else {
         echo  "The company was not created.";

    }
   }
  ?>

Answer 2

INSERT INTO companies  
SET name = $name, 
    subdomain0 = $domain, 
    subdomain1 = $doamin1

等等

Answer 3

你必须小心sql injections。你可以通过链接了解mysql_ *函数的其他选项，因为它已被弃用。

通过使用mysql_error函数打印错误，尝试找出错误总是更好。（检查替代品的链接，因为这也被弃用）

PHP＆amp; MYSQL - 在数据库中插入数据失败

3 个答案: