如何修复此错误?
"您的SQL语法出错了;查看与您的MySQL服务器版本相对应的手册,以获得在''附近使用的正确语法。在第1行。"
我正在使用wamp服务器。本地主机:81
<?php
$conn =mysqli_connect('localhost', 'root' , '','register');
if(isset($_POST['submit']))
{
$fname=$_POST['FName'];
$mname = $_POST['UName'];
$email = $_POST['email'];
$contact = $_POST['contact'];
$gender = $_POST['gender'];
$Password = $_POST['Pass'];
$Repassword = $_POST['Rpass'];
$sql = "INSERT INTO registered(FullName,UserName,Email,Contact#,Gender,Password,RPassword) values('$fname','$mname','$email','$contact','$gender','$Password','$Repassword')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
print '<script>alert("Successfully Submit Data!");</script>';
}
else{
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
答案 0 :(得分:3)
我建议在列名周围使用反引号(`),以防止SQL将其视为其他内容。您还希望确保转义数据。
$sql = "INSERT INTO `registered`
(`FullName`, `UserName`, `Email`, `Contact#`, `Gender`, `Password`, `RPassword`)
VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sssssss', $fname, $mname, $email, $contact, $gender, $Password, $Repassword);
if ( $stmt->exec() ) {
//Success
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
有关SQL注入及其对您有何影响的更多信息,请查看this post。
答案 1 :(得分:-1)
试试这个
INSERT INTO `registered`(`FullName`,`UserName`,`Email`,`Contact#`,`Gender`,`Password`,`RPassword`)
values('$fname','$mname','$email','$contact','$gender','$Password','$Repassword')";
答案 2 :(得分:-1)
试试这个
$sql = "INSERT INTO registered(FullName,UserName,Email,Contact#,Gender,Password,RPassword)
values($fname,$mname,$email,$contact,$gender,$Password,$Repassword)";