我试图在PHP(new_page.php)中创建新页面,成功创建的页面将插入到数据库(create_page.php)中,但现在它无法正常工作,不确定我缺少哪些步骤,任何帮助都很感激。以下是我的代码&截图:
Mysql表:
http://i60.tinypic.com/2h3aofr.png
new_page.php
http://i60.tinypic.com/21dmop2.png
<?php $host = "localhost";
$name = "root";
$password = "";
$db = "test_son";
$connection = mysqli_connect($host, $name, $password, $db);
//Check if connect to MySQL works
if (mysqli_connect_errno()){
die("Connection to MySql error " . mysqli_connect_errno());
}?>
<?php
function find_all_pages(){
global $connection;
$query = "select * from pages ";
$query .= "order by position asc";
$page_set = mysqli_query($connection, $query);
confirm_query($page_set);
return $page_set;
}?>
<h2>Create Page</h2>
<form action="create_page.php" method="post">
<p>Subject Id:
<input type="number" name="subject_id" value="" />
</p>
<p>Book name:
<input type="text" name="book_name" value="" />
<br/><br/>
</p>
<p>Position:
<select name="position">
<?php
$page_set = find_all_pages();
$page_count = mysqli_num_rows($page_set);
for ($count=1; $count <= $page_count; $count++){
echo "<option value=\"1\">{$count}</option>";}
?>
</select>
</p>
<p>visible
<input type="radio" name="visible" value="0" /> No
<input type="radio" name="visible" value="0" /> Yes
</p>
<input type="submit" name ="submit" value="Create Page" />
</form>
create_page.php
<?php
if (isset($_POST["submit"])){
//Process the form
$subject_id = $_POST["subject_id"];
$book_name = $_POST["book_name"];
$position = $_POST["position"];
$visible = $_POST["visible"];
$book_name = mysqli_real_escape_string($connection, $book_name);
$subject_id = mysqli_real_escape_string($connection, $subject_id);
//Perform database query
$query = "insert into pages (";
$query .= " subject_id, 'book_name', position, visible";
$query .= " ) values ( ";
$query .= "$subject_id, '$book_name', $position, $visible ";
$query .= ")";
$result = mysqli_query($connection, $query);
if ($result){
//Success will redirect to manage content page
$_SESSION["message"] = "page was created. ";
redirect("manage_content.php");
} else {
//Failure will redirect to new subject page
//$_SESSION["message"] = "subject was not created. Please check following possible errors: <br/> "
//. " menu name is not blank <br/> visible is not blank";
//redirect("new_page.php");
echo "fail " . mysqli_error($connection) ;
}
}
&GT;
当我提交创建页面按钮时,出现错误:
您的SQL语法有错误;检查与您的MySQL服务器版本相对应的手册,以获得正确的语法,以便在&#39; book_name&#39; book_name&#39;,position,visible)值附近使用(121,&#39;如何赢得影响力1234&#39; ,1,0&#39;
答案 0 :(得分:0)
您创建该查询的方式存在安全漏洞。但要专门回答您的问题,请摆脱'
周围的'book_name'
。
答案 1 :(得分:0)
你不应该在column_names列表中有一个'
字符....列名不是字符串文字,它们是列名。如果它们绝对必须被引用(例如,如果你的列名是MySQL保留字,那么你使用反引号(`)而不是引号(')
$query = "insert into pages (";
$query .= " subject_id, book_name, position, visible";
$query .= " ) values ( ";
$query .= "$subject_id, '$book_name', $position, $visible ";
$query .= ")";
现在请了解准备好的语句和绑定变量