我一直收到这个错误:
解析错误:语法错误,第7行的D:\ server \ WT-NMP \ WWW \ myproj1 \ insert.php中的意外'“'
使用此代码:
<?php
$uname = $_REQUEST['uname'];
$msg = $_REQUEST['msg'];
$con = mysqli_connect('localhost','root','','chatbox');
mysqli_query($con"INSERT INTO logs (`username` , `msg`) VALUES ('$uname','$msg')");
$result1 = mysqli_query($con"SELECT * FROM logs ORDER by id DESC");
while($extract = mysqli_fetch_array($result1)){
echo "<span class='uname'>" . $extract['username'] . "</span>: <span class='msg'>" . $extract['msg'] . "</span><br>";
}
?>
答案 0 :(得分:1)
改变这个:
$result1 = mysqli_query($con"SELECT * FROM logs ORDER by id DESC");
到此:
$result1 = mysqli_query($con, "SELECT * FROM logs ORDER by id DESC");
插入内容相同。
另外mysqli_fetch_array应该是mysqli_fetch_assoc。
虽然我们正在使用它,但是你有一个插入的SQL注入问题。您应该使用准备好的声明并绑定这些参数。只是将用户提供的数据粘贴到SQL中绝不是一个好主意。
答案 1 :(得分:1)
首先,您在SQL语句中缺少逗号 改变这个:
mysqli_query($con"INSERT INTO logs (`username` , `msg`) VALUES ('$uname','$msg')");
由此:
mysqli_query($con, "INSERT INTO logs (`username` , `msg`) VALUES ('$uname','$msg')");
并改变这一点:
$result1 = mysqli_query($con"SELECT * FROM logs ORDER by id DESC");
由此:
$result1 = mysqli_query($con, "SELECT * FROM logs ORDER by id DESC");
您还应该使用带参数的查询,因为此时您的插入对SQL注入是开放的。