我收到此错误消息:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Hello World'; ?>')' at line 1
我希望存储以下数据:
<?php echo 'Hello World'; ?>
这是我的代码:
if(isset($_POST['submit'])){
$post = $_POST['post'];
$tqs = "INSERT INTO ttn03 (post) VALUES ('$post')";
$tqr = mysqli_query($dbc, $tqs) or die(mysqli_error($dbc));
echo "The data has gotten successfully added.";
}
使用这两个对我不起作用:
htmlspecialchars();
htmlentities();
这是HTML表单:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<textarea name="post" value=""></textarea>
<br/>
<input type="submit" name="submit"/>
</form>
数据库排序规则已开启:
utf8_unicode_ci
这是我的标题:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
有什么建议吗?
答案 0 :(得分:0)
这就是代码的样子:
// first of all, make sure 'post' is set - don't let PHP guessing what to when it's not set.
if(isset($_POST['post'])){
$post = $_POST['post'];
}else{
$post = '';
}
// this is your SQL QUERY. Never, ever, ever, throw data in sql queries
$tqs = $mysqli->prepare('INSERT INTO ttn03 (post) VALUES (?)');
// this is how to pass data to the statement
$statement->bind_param('s', $post);
// execute the statement and prints errors
if(!$statement->execute()){
die('Error '. $mysqli->errno .': '. $mysqli->error);
}
// close statement
$statement->close();
您可以在这里找到一些优秀的文档和示例: