在过去的几个小时里,我一直在尝试使用我的变量编写一个正确的插入语句。我应该使用表单来制作表格并将数据插入其中。我也是php的新手。我每次尝试都会遇到“没有插入”的消息。
if (isset($_POST['INSERT'])) {
$table = $_POST['table'];
$primarykey = $_POST['primarykey'];
$field1 = $_POST['field1'];
$field2 = $_POST['field2'];
$field3 = $_POST['field3'];
$fieldint = $_POST['fieldint'];
$fieldint2 = $_POST['fieldint2'];
$fieldint3 = $_POST['fieldint3'];
$inprimarykey = $_POST['inprimarykey'];
$infield1 = $_POST['infield1'];
$infield2 = $_POST['infield2'];
$infield3 = $_POST['infield3'];
$infieldint = $_POST['infieldint'];
$infieldint2 = $_POST['infieldint2'];
$infieldint3 = $_POST['infieldint3'];
mysql_query("INSERT INTO $table ($primarykey,$field1,$field2,$field3,$fieldint,$fieldint2,$fieldint3) VALUES ('$inprimarykey','$infield1','$infield2','$infield3','$infieldint','$infieldint2','$infieldint3')",$conn) or die ("NOTHING INSERTED");
}
答案 0 :(得分:1)
首先,您不应再使用mysql_函数,而应使用mysqli_函数。
此外,对于您应使用mysqli_real_escape_string的任何恶意代码,您无法撤消用户输入。
对不起,我改写了你的代码。我使用类Mysqli来创建连接。如果出现错误,它将输出MySQL返回的输出:
if (isset($_POST["INSERT"])) {
$conn = new Mysqli( 'localhost', 'username', 'password', 'db-name' );
$table=$conn->real_escape_string( $_POST['table'] );
$data = array(
$_POST['primarykey'] => $conn->real_escape_string( $_POST['inprimarykey'] ),
$_POST['field1'] => $conn->real_escape_string( $_POST['infield1'] ),
$_POST['field2'] => $conn->real_escape_string( $_POST['infield2'] ),
$_POST['field3'] => $conn->real_escape_string( $_POST['infield3'] ),
$_POST['fieldint'] => $conn->real_escape_string( $_POST['infieldint'] ),
$_POST['fieldint2'] => $conn->real_escape_string( $_POST['infieldint2'] ),
$_POST['fieldint3'] => $conn->real_escape_string( $_POST['infieldint3'] )
);
$query = sprintf( "INSERT INTO %s (`%s`) VALUES('%s');", $table, implode( '`,`', array_keys( $data ) ), implode( "','", $data ) );
if( $conn->query( $query ) === false ) {
printf("Error: %s\n", $conn->error);
}
}
如果这有助于你,请告诉我。