Question

我想从网址获取ID，例如：www.example.com/upload.php？sc = 1

并将ID输入我的数据库。我附加了我的代码，但ID没有插入数据库中。请帮助我，以便将ID也存储在数据库中。

由于

<?php require_once '../database.php'; ?>
<?php $eventid = $_GET['event']; ?>
<?php $sc = $_GET['sc']; ?>
</head>

<body>
<?php 
    $result = mysql_query("SELECT * FROM category");
    while($row = mysql_fetch_array($result)){
        echo "<a href=?event=" . $row['id'] .">" . $row['category'] . "</a>&nbsp;";
    }
?><br>
<?php 
    $result = $db->query("SELECT * FROM sub_category WHERE category_id LIKE '" . $eventid . "';");
    $event = $result->fetch();
?>
<?php
    echo "<a href=?event=" . $row['id'] .">" . $row['category'] . "</a>&nbsp;";
?>
<?php
    echo "<a href=?sc=" . $event['id'] .">" . $event['sub_category'] . "</a>&nbsp;";
?>
<form method="POST" action="upload1.php" enctype="multipart/form-data" id="subForm">
<b>Upload your file here</b>
<br/>
<span>Name:*</span>&nbsp;<input name="name" type="text" class="required"><br/>
Description:* <input name="description" type="text" class="required"><br/><br/>
Thumbnail Size: 400px X 400px | Featured Image Size: 2100px X 525px<br><br>
Browse:*<input name="userfile" type="file" class="required">&nbsp;<br>
<br/> 
<input type="submit" value="Upload" style="width: 150px">
</form>
<?php
    $name = $_POST['name'];
    $description = $_POST['description'];
    $sc = $_GET['sc']; 
    $kj=$sc;
    if(empty($name)) {
         echo("<br>All the above details must filled in! We dont want monkeys on the page!");
    } 
    else {
        $target="images/";
        $target.=$_FILES['userfile']['name'];
        move_uploaded_file($_FILES['userfile']['tmp_name'],$target);
        move_uploaded_file($_FILES['userfile']['tmp_name'],$target);
        mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('".$target."', '$_POST[name]', '$_POST[description]', '".$sc."')") or die( mysql_error());
        echo "<br>File Successfully Uploaded!";
    }
?>

Answer 1

mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('".$target."', '$_POST[name]', '$_POST[description]', '".$sc."')") or die( mysql_error());

这条线可能会被杀死。试试这个：

mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('" . $target . "', '$name', '$description', '" . $sc . "')") or die(mysql_error());

您已设置

$name = $_POST['name'];
$description = $_POST['description'];
$sc = $_GET['sc'];
$kj = $sc;

就在此之前！在您的查询中，您已使用

$_POST[name];

1.由于缺少＆＃39;而不正确和＆＃39;在名称之前和之后，以及2.您之前声明的变量$ name。

Answer 2

试试这个，

<?php 
$sc = $_GET['sc'];
$result = $db->query("INSERT INTO your_db_table SET field = ".$sc."");
?>

Answer 3

而不是

mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES ('".$target."', '$_POST[name]', '$_POST[description]', '".$sc."')") or die( mysql_error());

使用此功能，而SQL INJECTION的查询也不安全。使用mysql_real_escape_string

 mysql_query("INSERT INTO upload(upload, name, description, sub_category_id) VALUES
 ('".$target."', '".mysql_real_escape_string($name)."',
 '".mysql_real_escape_string($description)."', '".mysql_real_escape_string($sc)."')") 
 or die( mysql_error());

如何在mysql查询中插入$ _GET [variable]

3 个答案: