Question

所以，我这里有这个代码，它所做的只是错误... 404 ???? （只是一个小故障，但仍然。使用远程HTTP访问它不起作用。它应该）

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO $user(Username, Password, Membership)
VALUES ($usn, $psw, $membership)";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

Answer 1

你为什么不试试：

$sql = "INSERT INTO " . $user . "(Username, Password, Membership) VALUES (" . $usn . "," . $psw . "," . $membership. ")"

Answer 2

你可能想写：

$sql = "INSERT INTO ".$user."(Username, Password, Membership)
VALUES 
('".$usn."', '".$psw."', '".$membership."')";

或

$sql = "INSERT INTO user(Username, Password, Membership)
VALUES 
('".$usn."', '".$psw."', '".$membership."')";

转移输入并添加real_escape_string（）调用会更好。所以我会以一种方式编写它，将值作为字符串进行转义，然后查询将它们作为字符串处理：

$sql = "INSERT INTO user(Username, Password, Membership)
    VALUES 
    ('".$conn->real_escape_string($usn)."', 
     '".$conn->real_escape_string($psw)."', 
     '".$conn->real_escape_string($membership)."'
    )";

我希望至少有一点帮助。

如何使用var的名称搜索数据库

2 个答案: