如何修复此SQL语法错误?

时间:2015-06-04 06:25:32

标签: php mysql

如何修复此错误?

  

"您的SQL语法出错了;查看与您的MySQL服务器版本相对应的手册,以获得在''附近使用的正确语法。在第1行。"

我正在使用wamp服务器。本地主机:81

<?php
  $conn =mysqli_connect('localhost', 'root' , '','register');

  if(isset($_POST['submit']))
  { 
    $fname=$_POST['FName'];
    $mname = $_POST['UName'];
    $email = $_POST['email'];
    $contact = $_POST['contact'];
    $gender = $_POST['gender'];
    $Password = $_POST['Pass'];
    $Repassword = $_POST['Rpass'];
    $sql = "INSERT INTO registered(FullName,UserName,Email,Contact#,Gender,Password,RPassword) values('$fname','$mname','$email','$contact','$gender','$Password','$Repassword')";

    if ($conn->query($sql) === TRUE) {
      echo "New record created successfully";
      print '<script>alert("Successfully Submit Data!");</script>';
    }
    else{
      echo "Error: " . $sql . "<br>" . $conn->error;
    }
    $conn->close();
  }
?> 

3 个答案:

答案 0 :(得分:3)

我建议在列名周围使用反引号(`),以防止SQL将其视为其他内容。您还希望确保转义数据。

$sql = "INSERT INTO `registered`
(`FullName`, `UserName`, `Email`, `Contact#`, `Gender`, `Password`, `RPassword`)              
VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sssssss', $fname, $mname, $email, $contact, $gender, $Password, $Repassword);
if ( $stmt->exec() ) {
    //Success
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

有关SQL注入及其对您有何影响的更多信息,请查看this post

答案 1 :(得分:-1)

试试这个

INSERT INTO `registered`(`FullName`,`UserName`,`Email`,`Contact#`,`Gender`,`Password`,`RPassword`)              
 values('$fname','$mname','$email','$contact','$gender','$Password','$Repassword')";

答案 2 :(得分:-1)

试试这个

$sql = "INSERT INTO registered(FullName,UserName,Email,Contact#,Gender,Password,RPassword)              
 values($fname,$mname,$email,$contact,$gender,$Password,$Repassword)";