mysqli查询语法错误

时间:2015-11-08 18:23:12

标签: php mysqli

我正在连接数据库以加载html表单数据,我在mysqli查询上遇到语法错误。我尝试了语法上的变化,但它没有清除。另一组眼睛将不胜感激。

<?php
// define variables and set to empty values
$ProjectErr = $ClientErr = $LastNameErr = $DateReceivedErr = "";
$Project = $Client = $LastName = $DateReceived = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["Project"])) {
     $ProjectErr = "Project name is required";
   } else {
     $Project = test_input($_POST["Project"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$Project)) {
       $ProjectErr = "Only letters and white space allowed"; 
     }
   }

   }

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["Client"])) {
     $ClientErr = "Client name is required";
   } else {
     $Client = test_input($_POST["Client"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$Client)) {
       $ClientErr = "Only letters and white space allowed"; 
     }
   }

   }

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["LastName"])) {
     $LastNameErr = "Tech writer name is required";
   } else {
     $LastName = test_input($_POST["LastName"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$LastName)) {
       $LastNameErr = "Only letters and white space allowed"; 
     }
   }

   }

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["DateReceived"])) {
     $DateReceivedErr = "The date the project was received is required";
   } else {
     $DateReceived = test_input($_POST["DateReceived"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$DateReceived)) {
       $DateReceivedErr = "Only letters and white space allowed"; 
     }
   }

   }


function test_input($data) {
   $data = trim($data);
   $data = stripslashes($data);
   $data = htmlspecialchars($data);
   return $data;
}
?>

<?php
$servername = "localhost";
$username = "oldga740_Tonymm";
$password = "JtAjDm#6";
$dbname = "oldga740_SeniorProject";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
     die("Connection failed: " . $conn->connect_error);
} 

//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO Projects (Project, Client, LastName, DateReceived)
VALUES ('$_POST[post_Project]', '$_POST[post_Client]', '$_POST[post_LastName]', '$_POST[post_DateReceived]')";
?>

<h2>New Project</h2>
<p><span class="error">* required field.</span></p>
<form action="send_post.php" method="post">
   Project: <input type="text" name="Project" value="<?php echo $Project;?>">
   <span class="error">* <?php echo $ProjectErr;?></span>
   <br><br>
   Client: <input type="text" name="Client" value="<?php echo $Client;?>">
   <span class="error">* <?php echo $ClientErr;?></span>
   <br><br>
   LastName: <input type="text" name="LastName" value="<?php echo $LastName;?>">
   <span class="error">* <?php echo $LastNameErr;?></span>
   <br><br>
   DateReceived: <input type="text" name="DateReceived" value="<?php echo $DateReceived;?>">
   <span class="error">* <?php echo $DateReceivedErr;?></span>
   <br><br>
   <input type="submit" name="submit" value="Submit"> 
</form>

<?php
echo "<h2>Your Input:</h2>";
echo $Project;
echo "<br>";
echo $Client;
echo "<br>";
echo $LastName;
echo "<br>";
echo $DateReceived;
?>

2 个答案:

答案 0 :(得分:0)

我猜这条线你遇到了麻烦。

mysqli_query($connect,"
    INSERT INTO Projects (Project, Client, LastName, DateReceived)
    VALUES ('" . $_POST["Project"] . "', '" . $_POST["Client"] . "', '" .$_POST["LastName"] . "', '" . $_POST["DateReceived"] . "');");

您的问题既是帖子“名称”(它不是$_POST[post_Project],只是$_POST["Project"]),您只是在SQL代码中编写它们而不是插入它们。

答案 1 :(得分:0)

您的代码中有几件事情在编程世界中是错误的或被认为是不好的做法。而且我几乎不可能指出每一个错误,所以我写了一些更简洁,更简洁的代码。我在我的机器上运行了这个代码,它运行得很好。

仔细阅读下面的代码,这是非常明显的。

<?php
function test_input($data){
   $data = trim($data);
   $data = stripslashes($data);
   $data = htmlspecialchars($data);
   return $data;
}

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "StackOverflow";

// create connection
$connection = new mysqli($servername, $username, $password, $dbname);

if(isset($_POST['submit']) && !$connection->connect_error){
    // to track errors
    $error = false;

    // now validate input fields
    if (empty($_POST['Project']) || !isset($_POST['Project'])){
        $ProjectErr = "Project name is required";
        $error = true;
    }elseif(!preg_match("/^[a-zA-Z\s]{1,}$/",$_POST['Project'])){
        // check if project only contains letters and whitespace
        $ProjectErr = "Only letters and white space allowed";
        $error = true;
    }else{
        $Project = test_input($_POST['Project']);
    }

    if (empty($_POST['Client']) || !isset($_POST['Client'])){
        $ClientErr = "Client name is required";
        $error = true;
    }elseif(!preg_match("/^[a-zA-Z\s]{1,}$/",$_POST['Client'])){
        // check if client only contains letters and whitespace
        $ClientErr = "Only letters and white space allowed";
        $error = true;
    }else{
        $Client = test_input($_POST['Client']);
    }

    if (empty($_POST['LastName']) || !isset($_POST['LastName'])){
        $LastNameErr = "Last name is required";
        $error = true;
    }elseif(!preg_match("/^[a-zA-Z\s]{1,}$/",$_POST['LastName'])){
        // check if last name only contains letters and whitespace
        $LastNameErr = "Only letters and white space allowed";
        $error = true;
    }else{
        $LastName = test_input($_POST['LastName']);
    }

    if (empty($_POST['DateReceived']) || !isset($_POST['DateReceived'])){
        $DateReceivedErr = "Data received field is required";
        $error = true;
    }elseif(!preg_match("/^[a-zA-Z\s]{1,}$/",$_POST['DateReceived'])){
        // check if data received only contains letters and whitespace
        $DateReceivedErr = "Only letters and white space allowed";
        $error = true;
    }else{
        $DateReceived = test_input($_POST['DateReceived']);
    }

    if(!$error){
        $query = "INSERT INTO Projects (Project, Client, LastName, DateReceived) VALUES ('$Project', '$Client', '$LastName', '$DateReceived')";
        if($connection->query($query)){
            echo "record is successfully inserted!";
        }else{
            echo "error: record could not be inserted";
        }
    }
}

?>

<html>
<head>
    <title>Page Title</title>
</head>
<body>
    <h2>New Project</h2>
    <p><span class="error">* required field.</span></p>
    <form action="send_post.php" method="post">
        Project: <input type="text" name="Project" value="<?php if(isset($Project)){ echo $Project; } ?>">
        <span class="error">* <?php if(isset($ProjectErr)){ echo $ProjectErr; } ?></span>
        <br><br>
        Client: <input type="text" name="Client" value="<?php if(isset($Client)){ echo $Client; } ?>">
        <span class="error">* <?php if(isset($ClientErr)){ echo $ClientErr; } ?></span>
        <br><br>
        LastName: <input type="text" name="LastName" value="<?php if(isset($LastName)){ echo $LastName; } ?>">
        <span class="error">* <?php if(isset($LastNameErr)){ echo $LastNameErr; } ?></span>
        <br><br>
        DateReceived: <input type="text" name="DateReceived" value="<?php if(isset($DateReceived)){ echo $DateReceived; } ?>">
        <span class="error">* <?php if(isset($DateReceivedErr)){ echo $DateReceivedErr; } ?></span>
        <br><br>
        <input type="submit" name="submit" value="Submit"> 
    </form>

    <?php
        echo "<h2>Your Input:</h2>";
        if(isset($_POST['Project'])){ echo $_POST['Project']; }
        echo "<br />";
        if(isset($_POST['Client'])){ echo $_POST['Client']; }
        echo "<br />";
        if(isset($_POST['LastName'])){ echo $_POST['LastName']; }
        echo "<br />";
        if(isset($_POST['DateReceived'])){ echo $_POST['DateReceived']; }
    ?>
</body>
</html>
<?php
    $connection->close();
?>