在sql语句中插入变量

时间:2014-03-05 21:17:26

标签: php sql

我正在尝试使用正确的语法将表单中的变量插入到数据库表中。

这是我的表格...... 

<form name="texcom_daily" method="POST" action="actions/siteSubmit.php">
<input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" />
<table width="450px">
</tr>
<tr>
 <td valign="top">
  <label for="first_name">First name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['first'] ?>" name="first_name" maxlength="50" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="last_name">Last name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['last']?>" name="last_name" maxlength="50" size="40">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="email">Email Address *</label>
 </td>
 <td valign="top">
  <input  type="text" name="email" value="<?php echo $_POST['email']?>" maxlength="80" size="40">
 </td>

</tr>

<tr>
 <td valign="top">
  <label for="telephone">Telephone Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="telephone" value="<?php echo $_POST['telephone']?>" maxlength="40" size="40">

 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_number">Truck Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_number" value="<?php echo $_POST['truck_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_milage">Truck Mileage *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_mileage" value="<?php echo $_POST['truck_mileage'] ?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="carrier">Carrier *</label>
 </td>
 <td valign="top">
  <input  type="text" name="carrier" maxlength="40" value="<?php echo $_POST['carrier']?>" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="site_number">Site Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="site_number" value="<?php echo $_POST['site_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
 <label for="lat">Latitude:</label>
 </td>
  <td valign="top">
 <INPUT type="text" name="lat" ID="lat" value="<?php echo $_POST['lat']?>" maxlength="40" size="40">
 </td>
 </tr>

 <tr>
 <td valign="top">
 <label for="longitude">Longitude:</label>
 </td>
  <td valign="top">
 <input type="text" name="longitude" ID="longitude" value="<?php echo $_POST['longitude']?>" maxlength="40" size="40">
 </td>
 </tr>

<tr>
 <td valign="top">
  <label for="comments">Comments *</label>
 </td>
 <td valign="top">
  <textarea  name="comments" maxlength="1000" cols="40" rows="6"><?php echo $_POST['comments']?></textarea>
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="job_completion">Job Completion *</label>
 <td colspan="2" style="text-align">
  <?php $job_completion = isset($_POST['job_completion']) ? $_POST['job_completion'] : ''; ?> 
<input type="radio" name="job_completion" value="Yes" <?php echo $job_completion === 'Yes' ? "checked='checked'" : ''?> > Yes&nbsp;&nbsp;
<input type="radio" name="job_completion" value="No" <?php echo $job_completion === 'No' ? "checked='checked'" : ''?>> No
 </td>
</tr>
</table>
</form>

这是sql语句。第一个工作,但sql2没有输入数据到数据库。 

      $sql = "INSERT INTO documents (id, userid, description, name, date) VALUES (NULL, {$_SESSION['id']}, '{$description}' ,'{$filename}', NOW())"; 
     $success = mysql_query($sql);  


     $sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) 
   VALUES  ( '$_POST[first]', '$_POST['last']', '$_POST['email']', '$_POST['telephone']', '$_POST['truck_number']', '$_POST['truck_mileage']', '$_POST['carrier']', '$_POST['site_number']', '$_POST['lat']', '$_POST['longitude']', '$_POST['comments']', '$_POST['job_completion']')";
     $success2 = mysql_query($sql2);

2 个答案:

答案 0 :(得分:1)

试试这个。 在将值提交到数据库之前,应始终使用 mysql_real_escape_string 转义值。

$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES  ( '" . $_POST['first'] . "', '" . $_POST['last'] . "', '" . $_POST['email'] . "', '" . $_POST['telephone']. "', '" . $_POST['truck_number'] . "', '" . $_POST['truck_mileage'] . "', '" . $_POST['carrier'] . "', '" . $_POST['site_number'] . "', '" . $_POST['lat'] . "', '" . $_POST['longitude'] . "', '" . $_POST['comments'] . "', '" . $_POST['job_completion'] . "')";

答案 1 :(得分:0)

你有一个错字:'$ _POST [first]'我宁愿连接变量。麻烦但安全的方式。试试这个:

“INSERT INTO sitesubmit(first_name,last_name,email,telephone,truck_number,truck_mileage,carrier,site_number,lat,longitude,comments,job_completion)    VALUES('“。$ $ _POST ['first']。”','“。$ _POST ['last']”','“......等等

相关问题
最新问题