我无法看到这个问题,但它不会工作。
快速删除:在上一页填写的表单中,$ _POST ['']被添加到$ _SESSION ['']' s,来自$ _SESSION ['']的$ vars,用于mysqli_query的$ vars。
我确定这个问题正在盯着我,但我看不到它。
下面是代码:(更新)
if(isset($_POST['list_make']) && $_POST['list_make'] != '') { $list_make = $_POST['list_make']; $_SESSION['list_make'] = $list_make; }
if(isset($_SESSION['list_make']) && $_SESSION['list_make'] != '') { $list_make = $_SESSION['list_make']; } else { $list_make = ''; }
$add_car_query = "INSERT INTO car_details
(car_user_id, car_user_number, car_date_added, car_make, car_model, car_date_registered, car_odometer,
car_engine_size, car_color, car_body_type, car_owners, car_nct_date, car_rax_date)
VALUES
('$user_id_new', '$new_user_number', '$today', '$list_make', '$list_model', '$list_year', '$list_kilometers',
'$list_engine_size', '$list_color', '$list_body_type', '$list_previous_owners', '$list_nct', '$list_tax')
";
if(mysqli_query($con, $add_car_query)) { $added = 'added'; } else { $added = 'Not happening'; }
答案 0 :(得分:1)
尝试检查else
中是否存在MySQLi错误(如果查询失败将触发该错误):
$add_car_query = "INSERT INTO car_details
(car_user_id, car_user_number, car_date_added, car_make, car_model, car_date_registered, car_odometer,
car_engine_size, car_color, car_body_type, car_owners, car_nct_date, car_rax_date)
VALUES
('$user_id_new', '$new_user_number', '$today', '$list_make', '$list_model', '$list_year', '$list_kilometers',
'$list_engine_size', '$list_color', '$list_body_type', '$list_previous_owners', '$list_nct', '$list_tax')
";
if(mysqli_query($con, $add_car_query)) {
$added = 'added';
}
else {
// check for the error here
if(mysqli_error()) {
echo mysqli_error();
}
$added = 'Not happening';
}
准备好的陈述
正如评论中的某些人所说,您应该使用prepared statements来提高安全性。这样您就不必担心转义输入了(看起来您现在没有转义值very dangerous)。
虽然问号占位符有点令人困惑(但不幸的是MySQLi不支持命名参数)。使用OOP MySQLi准备好的语句更好,但是你使用的是程序,所以这里是你如何在你的问题中为查询做一个准备好的语句:
$add_car_query = "INSERT INTO car_details
(car_user_id,
car_user_number,
car_date_added,
car_make,
car_model,
car_date_registered,
car_odometer,
car_engine_size,
car_color,
car_body_type,
car_owners,
car_nct_date,
car_rax_date)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = mysqli_stmt_prepare($con, $add_car_query);
// if any of the values are an int, change the
// corresponding 's' (which means string) to 'i' (integer).
// more info: http://us.php.net/manual/en/mysqli-stmt.bind-param.php
mysqli_stmt_bind_param($stmt, 'sssssssssssss',
$user_id_new,
$new_user_number,
$today,
$list_make,
$list_model,
$list_year,
$list_kilometers,
$list_engine_size,
$list_color,
$list_body_type,
$list_previous_owners,
$list_nct,
$list_tax);
$stmt_exe = mysqli_stmt_execute($stmt);
if($stmt_exe) {
$added = 'added';
}
else {
if(mysqli_error()) {
echo mysqli_error();
}
$added = 'Not happening';
}