获取错误
"错误:1 您的SQL语法有错误;检查与您的MySQL服务器版本相对应的手册,以便在#1;'附近使用正确的语法。在第1行"
请帮助大家,非常感谢提前。
代码:
<?php
include('head.php');
if(isset($_POST['submit']))
{
$userid = trim($_POST['userid']);
$email = trim($_POST['email']);
$mobile = trim($_POST['mobile']);
$sql = mysqli_query($conn,"INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')");
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>******</title>
<link href="forum-styles.css" rel="stylesheet" type="text/css">
</head>
<style type="text/css">
.txtField {
padding: 5px;
border:#fedc4d 1px solid;
border-radius:4px;
}
</style>
<body background="img/gold-and-money.jpg">
<form action="" method="post" class="basic-grey">
<h1>****** Forgot Password
<span>Please let us know your UserId, We will reset password and inform you.</span> </h1>
<label>
<span>User Id :</span>
<input type="text" name="userid" required />
</label>
<label>
<span>Mobile N. :</span>
<input type="text" name="mobile" required/>
</label>
<label>
<span>Email Id :</span>
<input type="text" name="email" required/>
</label>
<label>
<div align="right"><span> </span>
<input type="submit" class="button" value="Submit" name="submit"/>
</div>
</label>
</form>
</body>
</html>
答案 0 :(得分:2)
$sql = mysqli_query($conn,"INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')");
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
你在mysqli_query有两个电话。第一次,您正在进行查询并将返回值分配给$sql;第二次,您正在运行$sql作为查询。
要解决眼前的问题,请执行以下操作:
$sql = "INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
您将查询分配给字符串,然后在查询中使用该字符串。这使得调试变得更容易,因为您现在可以输出生成的查询来检查您正在生成的内容。
<强>然而
您还可以将用户生成的数据直接传递给SQL查询,而无需转义它。这非常糟糕 - 如果某些数据包含撇号,那么最好会遇到问题。在最坏的情况下,您的数据库将被黑客入侵。这里的一个解决方案是使用mysqli_real_escape_string
来使用转义,正如弗雷德建议的那样$userid = mysqli_real_escape_string($conn, $_POST['userid']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
我建议也考虑使用绑定参数和预备语句,以增加额外的安全性。
答案 1 :(得分:0)
@andrewsi回答正确:&#34;您正在运行查询两次。第一次,你将结果分配给$ sql;第二次,您尝试将该结果作为查询运行。&#34;
答案 2 :(得分:0)
@andrewsi,你运行你的查询两次,你的查询包含你把它们作为文字的变量。所以代码就像这样:
$sql ="INSERT INTO forgot(userid,email,mobile)VALUES ($userid,$email,$mobile)";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
我希望这会对你有所帮助。
答案 3 :(得分:0)
这是一个基本的例子。检查你转弯的地方。始终遵循标准的编码方式。
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$mysqli->query("CREATE TABLE myCity LIKE City");
$query = "INSERT INTO myCity VALUES (NULL, 'Stuttgart', 'DEU', 'Stuttgart', 617000)";
$mysqli->query($query);
printf ("New Record has id %d.\n", $mysqli->insert_id);
/* drop table */
$mysqli->query("DROP TABLE myCity");
/* close connection */
$mysqli->close();
?>
答案 4 :(得分:0)
Ankit,在编写查询时很少需要处理,而不是解释它们,我会尝试重写查询:
$query = sprintf("INSERT INTO forgot('userid','email','mobile')
VALUES ('%s', '%s', '%s')"
, mysqli_real_escape_string( $con, $_POST['userid'] )
, mysqli_real_escape_string( $con, $_POST['email'] )
, mysqli_real_escape_string( $con, $_POST['mobile'] ));
if (mysqli_query($dbConnection, $query)) {
echo "Successfully inserted" . mysqli_affected_rows($conn) . " row";
} else {
echo "Error occurred: " . mysqli_error($dbConnection);
}
如果是这样,userid是整数,在创建$ query之前将userid转换为int,如下所示:
$userid = (int)$_POST['userid'];
答案 5 :(得分:0)
$sql = "INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
它会起作用。