INSERT INTO不为我插入

时间:2014-07-19 18:24:23

标签: php mysqli insert

我无法看到这个问题,但它不会工作。

快速删除:在上一页填写的表单中,$ _POST ['']被添加到$ _SESSION ['']' s,来自$ _SESSION ['']的$ vars,用于mysqli_query的$ vars。

我确定这个问题正在盯着我,但我看不到它。

下面是代码:(更新)

if(isset($_POST['list_make']) && $_POST['list_make'] != '') { $list_make  = $_POST['list_make']; $_SESSION['list_make'] = $list_make; }
if(isset($_SESSION['list_make']) && $_SESSION['list_make'] != '') { $list_make = $_SESSION['list_make']; } else { $list_make = ''; }

$add_car_query = "INSERT INTO car_details 
    (car_user_id, car_user_number, car_date_added, car_make, car_model, car_date_registered, car_odometer, 
        car_engine_size, car_color, car_body_type, car_owners, car_nct_date, car_rax_date) 
    VALUES 
    ('$user_id_new', '$new_user_number', '$today', '$list_make', '$list_model', '$list_year', '$list_kilometers', 
        '$list_engine_size', '$list_color', '$list_body_type', '$list_previous_owners', '$list_nct', '$list_tax')
    ";
if(mysqli_query($con, $add_car_query)) { $added = 'added'; } else { $added = 'Not happening'; }

1 个答案:

答案 0 :(得分:1)

尝试检查else中是否存在MySQLi错误(如果查询失败将触发该错误):

$add_car_query = "INSERT INTO car_details 
    (car_user_id, car_user_number, car_date_added, car_make, car_model, car_date_registered, car_odometer, 
        car_engine_size, car_color, car_body_type, car_owners, car_nct_date, car_rax_date) 
    VALUES 
    ('$user_id_new', '$new_user_number', '$today', '$list_make', '$list_model', '$list_year', '$list_kilometers', 
        '$list_engine_size', '$list_color', '$list_body_type', '$list_previous_owners', '$list_nct', '$list_tax')
    ";
if(mysqli_query($con, $add_car_query)) { 
  $added = 'added'; 
} 
else { 

  // check for the error here
  if(mysqli_error()) {
    echo mysqli_error();
  }

  $added = 'Not happening'; 
}

准备好的陈述

正如评论中的某些人所说,您应该使用prepared statements来提高安全性。这样您就不必担心转义输入了(看起来您现在没有转义值very dangerous)。

虽然问号占位符有点令人困惑(但不幸的是MySQLi不支持命名参数)。使用OOP MySQLi准备好的语句更好,但是你使用的是程序,所以这里是你如何在你的问题中为查询做一个准备好的语句:

$add_car_query = "INSERT INTO car_details 
    (car_user_id, 
     car_user_number, 
     car_date_added, 
     car_make, 
     car_model, 
     car_date_registered, 
     car_odometer, 
     car_engine_size, 
     car_color, 
     car_body_type, 
     car_owners, 
     car_nct_date, 
     car_rax_date) 
    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

$stmt = mysqli_stmt_prepare($con, $add_car_query);

// if any of the values are an int, change the 
// corresponding 's' (which means string) to 'i' (integer).
// more info: http://us.php.net/manual/en/mysqli-stmt.bind-param.php

mysqli_stmt_bind_param($stmt, 'sssssssssssss', 
                       $user_id_new, 
                       $new_user_number, 
                       $today, 
                       $list_make, 
                       $list_model, 
                       $list_year, 
                       $list_kilometers, 
                       $list_engine_size, 
                       $list_color, 
                       $list_body_type, 
                       $list_previous_owners, 
                       $list_nct, 
                       $list_tax);
$stmt_exe = mysqli_stmt_execute($stmt);

if($stmt_exe) { 
   $added = 'added'; 
} 
else { 
   if(mysqli_error()) {
     echo mysqli_error();
   }
   $added = 'Not happening'; 
}