这是我正在使用的代码。我已经通过手动向表中添加一行并选择它来验证我连接到数据库。我似乎无法找到问题所在。我希望我不会忽视一些简单而浪费每个人的时间。温柔地对待我,我是超级新人。我在尝试添加查询时收到错误消息。
$dbc = mysqli_connect('127.0.0.1','root','','trackday')
or die('Cannot connect to database');
$query = "INSERT INTO horses(color, gate_speed, sprint_speed, middle_speed,
jockey_response, final_burst, finishing_speed)" .
"VALUES('$horseColor', '$gateSpeed', '$sprintSpeed', '$middleSpeed',
'$jockeyResponse', $finalBurst', '$finishingSpeed');";
$result = mysqli_query($dbc,$query);
or die("Error adding horse");
答案 0 :(得分:0)
请考虑以下格式以防止您成为查询注入的受害者
$dbc = mysqli_connect('127.0.0.1','root','','trackday')
or die('Cannot connect to database');
if($stmt = $dbc->prepare("INSERT INTO horses(color, gate_speed, sprint_speed, middle_speed,jockey_response, final_burst, finishing_speed) VALUES(?,?,?,?,?,?,?);"))
{
$stmt->bind_param('sssssss',$horseColor, $gateSpeed, $sprintSpeed, $middleSpeed, $jockeyResponse, $finalBurst, $finishingSpeed);
$stmt->execute();
$stmt->close();
}
printf("Error Adding Horse: %s.\n", $stmt->error);
答案 1 :(得分:-1)
这对你有用吗?
$query = "INSERT INTO horses(color, gate_speed, sprint_speed, middle_speed,
jockey_response, final_burst, finishing_speed) " .
"VALUES('" . $horseColor . "' , '". $gateSpeed . "', '" . $sprintSpeed . "', '" . $middleSpeed . "', '" . $jockeyResponse . "', '" . $finalBurst . "', '" . $finishingSpeed ."');";
您还应该考虑使用mysqli_real_escape_string来保存SQL injections