我正在为一个简单的网站运行一段代码,该网站应该将一个表单中输入的注释提交到数据库中,但是当我单击注释的提交按钮时,它只会给我这个错误消息:
Database access failed1: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
相关网页的代码是:
<?php
require_once('checklog.php');
require_once("functions.php");
require_once('../Website/recaptcha/recaptchalib.php');
//Include external php files. Functions contains functions, Checklog redirects the user to the login page if they are not logged in. Checklog also contains session_start(). If you remove it make sure to add session_start() to this page.
$db_hostname = 'localhost';
$db_database = 'removed';
$db_username = 'removed';
$db_password = 'removed';
$db_status = 'not initialised';
$str_result = '';
$str_options = '';
$db_server = mysqli_connect($db_hostname, $db_username, $db_password);
$db_status = "connected";
$string = $_POST ['filmID'];
mysqli_select_db($db_server, $db_database);
$query = "SELECT FilmName, GenreName, DirName, Synopsis FROM Films JOIN Genres JOIN Directors WHERE Directors.DirID = Films.DirID AND Films.GenreID = Genres.GenreID AND Films.FilmID = $string";
$resultcount = 1;
$result = mysqli_query($db_server, $query);
if (!$result) die("Database access failed1: " . mysqli_error($db_server));
while($row = mysqli_fetch_array($result)){
$FilmName = $row['FilmName'];
$GenreName = $row['GenreName'];
$DirName = $row['DirName'];
$Synopsis = $row['Synopsis'];
}
mysqli_free_result($result);
$query = "SELECT username, Rating, Comment FROM Comments JOIN Users WHERE Comments.UserID = Users.UserID AND Comments.FilmID = $string";
$commentnum = 1;
$result = mysqli_query($db_server, $query);
if (!$result) die("Database access failed2: " . mysqli_error($db_server));
while($row = mysqli_fetch_array($result)){
$str_comments .= "<p>" . $commentnum . " - Review by " . $row['username'] . ": " . $row['Comment'] . " [" . $row['Rating'] . "/5]</p>";
$commentnum = $commentnum + 1;
}
mysqli_free_result($result);
if(trim($_POST['submit']) == "Submit"){
$privatekey= "6Lem4-gSAAAAADsaa9KXlzSAhLs8Ztp83Lt-x1kn";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
$message = " ";
if (!$resp->is_valid) {
//incorrect entry
$message = "The reCAPTCHA wasn't entered correctly. Go back and try again.
(reCAPTCHA said: " . $resp->error . ")";
//recaptcha validation
} else {
//Submit the reviews
$comment = clean_string($db_server, $_POST['comment']);
$rating = clean_string($db_server, $_POST['rating']);
$user = $SESSION['UserID'];
if ($comment != '') {
$queryreview = "INSERT INTO Comments (Comment, Rating, UserID, FilmID) VALUES ('$comment', '$rating', '$user', '$string')";
mysqli_select_db($db_server, $db_database);
mysqli_query($db_server, $queryreview) or
die("Insert failed: " . mysqli_error($db_server));
}
}
}
?>
<html>
<head>
<title>View individual film details.</title>
</head>
<body>
<h1>Welcome to the site, <?php echo $_SESSION['username']; ?> ! You are user ID <?php echo $_SESSION['userid'] ?>.</h1>
<p>This film is called <?php echo $FilmName ?> and is a <?php echo $GenreName; ?> film directed by <?php echo $DirName; ?></p>
<p>Synopsis: <?php echo $Synopsis; ?> </p></body>
<p>Reviews:
<?php echo $str_comments ?></p>
<form id="frmComments" action="viewfilm.php" method="post">
<p>Have you seen this movie? Leave a review and tell other users what you thought.</p>
review: <textarea rows="2" cols="30" name="comment"></textarea> </p>
<p>Rating: <select name="rating">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
<?php
$publickey = "6Lem4-gSAAAAAMHLAVbieIknMtUZo71ZKzzCkoFN";
echo recaptcha_get_html($publickey);
?>
<input type="submit" id="submit" name="submit" value="Submit" />
</form>
</body>
</html>
应该运行评论插入的代码是
if(trim($_POST['submit']) == "Submit"){
$privatekey= "6Lem4-gSAAAAADsaa9KXlzSAhLs8Ztp83Lt-x1kn";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
$message = " ";
if (!$resp->is_valid) {
//incorrect entry
$message = "The reCAPTCHA wasn't entered correctly. Go back and try again.
(reCAPTCHA said: " . $resp->error . ")";
//recaptcha validation
} else {
//Submit the reviews
$comment = clean_string($db_server, $_POST['comment']);
$rating = clean_string($db_server, $_POST['rating']);
$user = $SESSION['UserID'];
if ($comment != '') {
$queryreview = "INSERT INTO Comments (Comment, Rating, UserID, FilmID) VALUES ('$comment', '$rating', '$user', '$string')";
mysqli_select_db($db_server, $db_database);
mysqli_query($db_server, $queryreview) or
die("Insert failed: " . mysqli_error($db_server));
}
}
}
但正如您可以通过错误消息中包含的“1”看到的那样,错误指向用于生成页面内容的早期查询。事情是这个查询确实有效,只有在点评提交后我才会收到此错误。
答案 0 :(得分:0)
如果你需要在你的值中给出字符串,那么在引号内设置变量,如下所示:
更改
$queryreview = "INSERT INTO Comments (Comment, Rating, UserID, FilmID) VALUES ('$comment, $rating, $user, $string')"
到
$queryreview = "INSERT INTO Comments (Comment, Rating, UserID, FilmID) VALUES ('$comment', '$rating', '$user', '$string')"
答案 1 :(得分:0)
是的,probem确实是空字符串变量。
有一些不同的方法可以解决这个问题:
在表单中使用隐藏字段,其中存储已发布的filmID的值,并在提交后再次发送。
将filmID值存储在会话全局中。
希望这有帮助