我正在尝试通过我的php网页上的管理控制面板添加用户,我收到此错误。 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax我似乎无法发现我的生活中的问题,这是完整的页面代码。
<?php
include('session.php');
?>
<?php include ("db.php"); ?>
<?php
if (isset($_POST['create'])) {
$Username = mysql_real_escape_string($_POST['Username']);
$password = mysql_real_escape_string($_POST['password']);
$sex = mysql_real_escape_string($_POST['sex']);
$email = mysql_real_escape_string($_POST['email']);
$passwordmd5 = md5($password);
$sql="INSERT INTO `username` (`username`, `password`, `email`, `name`, `dob`, `sex`, `phone`, `imagelink`, `coverimage`, `hobby`, `Bio`) VALUES ('$_POST[Username]','$passwordmd5','$_POST[email]','$_POST[name]','$_POST[dob]','$_POST[sex]','$_POST[phone]','$_POST[imagelink]','$_POST[coverpicture]'),'$_POST[hobby]','$_POST[bio]'";
mysql_query($sql) or die(mysql_error());
include ("addition_successful.php");
exit();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Network TV - Add Record</title>
<meta charset="utf-8" />
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="container">
<div class="content">
<h1>Network TV Add new user</h1>
<br>
<div class="toolbar">
<a href="data_display.php">Return to the main page</a>
</div>
<br>
</div>
</div>
<div class="container">
<div class="content">
<div class="separator"></div>
<h2>User details</h2>
<div class="separator"></div>
<form method="POST" action="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<p>Username:</p>
<p><input type="text" name="Username" id="Username" placeholder="Input Username here ... "></p>
<p>password:</p>
<p><input type="text" name="password" id="password" placeholder="Input password here ... "></p>
<p>email:</p>
<p><input type="text" name="email" id="email" placeholder="Input Email address here ... "></p>
<p>Name:</p>
<p><input type="text" name="name" id="name" placeholder="Input name here ... "></p>
<p>Date of birth:</p>
<p><input type="date" name="dob" id="dob" placeholder="Input date of birth here ... "></p>
<p>Gender:</p>
<p><input type="text" name="sex" id="sex" placeholder="Input gender here ... "></p>
<p>Phone Number:</p>
<p><input type="text" name="phone" id="phone" placeholder="Input phone number here ... "></p>
<p>Profile Picture:</p>
<p><input type="text" name="imagelink" id="imagelink" placeholder="Input profile picture link here ... "></p>
<p>Cover Picture:</p>
<p><input type="text" name="coverpicture" id="coverpicture" placeholder="Input cover picture link here ... "></p>
<p>Hobbys:</p>
<p><input type="text" name="hobby" id="hobby" placeholder="Input hobbys here ... "></p>
<p>Bio:</p>
<p><input type="text" name="bio" id="bio" placeholder="Input bio here ... "></p>
<p><input type="submit" name="create" value="Create New Record"></p>
</form>
<div class="separator"></div>
</div>
</div>
</body>
</html>
session.php只是在用户登录时创建会话,而db只是Mysql的数据库连接。
更新
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''None','None'' at line 1
答案 0 :(得分:1)
您的结束)位置错误:
'$_POST[coverpicture]'),'$_POST[hobby]','$_POST[bio]'";
^^^^^
HERE
将其移至VALUES的末尾:
$sql="INSERT INTO `username` (`username`, `password`, `email`, `name`, `dob`, `sex`, `phone`, `imagelink`, `coverimage`, `hobby`, `Bio`) VALUES ('$_POST[Username]','$passwordmd5','$_POST[email]','$_POST[name]','$_POST[dob]','$_POST[sex]','$_POST[phone]','$_POST[imagelink]','$_POST[coverpicture]','$_POST[hobby]','$_POST[bio]')";
答案 1 :(得分:0)
SQL中的错误是您随意终止VALUES()数组,然后传递更多参数,观察:
'$_POST[coverpicture]'),'$_POST[hobby]','$_POST[bio]'";
将其更改为:
'$_POST[coverpicture]','$_POST[hobby]','$_POST[bio]')";
此外,接受unsecaptd用户输入数据被认为是不安全的,应该用准备好的语句替换。
最后,不推荐使用mysql_库。请考虑至少转移到mysqli_或PDO。
答案 2 :(得分:0)
)位置错误:
$sql="INSERT INTO `username` (`username`, `password`, `email`, `name`, `dob`, `sex`, `phone`, `imagelink`, `coverimage`, `hobby`, `Bio`) VALUES ('$_POST[Username]','$passwordmd5','$_POST[email]','$_POST[name]','$_POST[dob]','$_POST[sex]','$_POST[phone]','$_POST[imagelink]','$_POST[coverpicture]','$_POST[hobby]','$_POST[bio]')";