所以我的php脚本出现了这个问题,它将数据从HTML表单发送到数据库。每次我尝试使用表单时,我都会收到以下错误:
错误:1064:您的SQL语法出错;检查与您的MariaDB服务器版本对应的手册,以便在第1行“',test.com')附近使用正确的语法
<form method="post" action="">
<p>The title of what users will see(Eg. "MineVoxel - Great minecraft server", or "My cat blog - Go visit now!") </p>
<input name="name" type="text">
<br>
<p>Name of the service type(Eg. Minecraft Server, Website, etc.)</p>
<br>
<input name="service" type="text">
<br>
<p>Description of your website/service</p>
<br>
<input name="description" type="text">
<br>
<p>A link or IP address to your service</p>
<br>
<input name="address" type="text">
<br>
<br>
<input type="submit" value="Submit Form">
</form>
<?php
// Only process the form if $_POST isn't empty
if ( ! empty( $_POST ) ) {
// Connect to MySQL
$mysqli = new mysqli( 'CENSORED', 'CENSORED', 'CENSORED', 'CENSORED' );
// Check our connection
if ( $mysqli->connect_error ) {
die( 'Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}
// remove old stale data
$sql = "DELETE FROM user
WHERE ts_created < DATE_ADD(NOW(),INTERVAL -2 HOUR)";
if ( ! $mysqli->query($sql) ) {
// log $mysqli->error somewhere
}
// Insert our data
$sql = "INSERT INTO user ( name, service, description, address ) VALUES ( '{$mysqli->real_escape_string($_POST['name'])}', '{$mysqli->real_escape_string($_POST['service'])}', {$mysqli->real_escape_string($_POST['description'])}', {$mysqli->real_escape_string($_POST['address'])}' )";
$insert = $mysqli->query($sql);
// Print response from MySQL
if ( $insert ) {
echo "Success! Row ID: {$mysqli->insert_id}";
} else {
die("Error: {$mysqli->errno} : {$mysqli->error}");
}
// Close our connection
$mysqli->close();
}
?>
答案 0 :(得分:1)
缺少单引号:
])}', '{$mysqli->real_escape_string($_POST['description'])}',
^^^
你应该学习准备好的陈述。
答案 1 :(得分:0)
您需要在
周围放置单引号)}', '{$mysqli->real_escape_string($_POST['description'])}', '{$mysqli->real_escape_string($_POST['address'])}'
^^^ ^^^