我正在尝试在数据库中插入一些表单发布数据,但它显示错误:
Error: INSERT INTO user_data (name, age, gender,happy,sad,angry) VALUES (Sourav,23,male,3.5,2.75,1.5)
Unknown column 'Sourav' in 'field list'
我使用了查询:
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES (" . $name . "," . $age . "," . $gender . "," . $happyness . "," . $sadness . "," . $angryness . ")";
答案 0 :(得分:3)
您必须将字符串值放在引号内。更新代码如下。
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('" . $name . "','" . $age . "','" . $gender . "','" . $happyness . "','" . $sadness . "','" . $angryness . "')";
此外,您的代码不安全。插入表单数据时使用转义字符串。
答案 1 :(得分:1)
将您的查询更改为:
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('$name','$age','$gender','$happyness','$sadness','$angryness')";
答案 2 :(得分:0)
USE '',例如'Sourav'
INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('Sourav','23','male','3.5','2.75','1.5')
或者像那样
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('$name','$age','$gender','$happyness','$sadness','$angryness')";
答案 3 :(得分:0)
试试这个..,
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('" . $name . "','" . $age . "','" . $gender . "','" . $happyness . "','" . $sadness . "','" . $angryness . "')";
希望这会有所帮助..
答案 4 :(得分:0)
你应该看一下mysqli或pdo扩展名 - 或者至少对你的参数使用某种引用,例如 mysql_real_escape_string 。直接将用户输入传递给数据库查询可以很容易地用于mysql注入。
使用pdo,您可以编写如下代码:
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$name = 'BOB';
$password = 'badpass';
$stmt = $db->prepare("INSERT INTO table(`hexvalue`, `password`) VALUES(HEX(?), PASSWORD(?))");
$stmt->execute(array($name, $password));