将表单字段插入SQL - 错误

时间:2015-12-30 15:52:27

标签: php mysql

嗨所以我有一个包含10个字段的表单,我试图通过在PHP页面上发布它们将它们插入到SQL数据库中。连接开始正常,但它返回以下错误:

  

错误:INSERT INTO课程(姓名,老师,描述,班级,DAYONE,DAYTWO,DAYTHREE,STD1,STD2,STD3)VALUES(,,,,,,,,,)   您的SQL语法有错误;查看与您的MySQL服务器版本相对应的手册,以便在第1行的“,,,,,,,”附近使用正确的语法

include_once 'connect.php';   
// Create connection
$conn = new mysqli(HOST, USER, PASSWORD, DATABASE);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$name = $_POST['name'];
$teacher = $_POST['teacher'];
$description = $_POST['description'];
$class = $_POST['class'];
$dayone = $_POST['dayone'];
$daytwo = $_POST['daytwo'];
$daythree = $_POST['daythree'];
$std1 = $_POST['std1'];
$std2 = $_POST['std2'];
$std3 = $_POST['std3'];

$sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ($name, $teacher, $description, $class, $dayone, $daytwo, $daythree, $std1, $std2, $std3)";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();

我还应该提到数据库表还有一个名为ID type int(11)的字段,它是AUTO_INCREMENT,我希望每次插入新行时都会自动填充它。我错了吗?

编辑:添加了HTML代码,因为它已被要求

<form name="registration_form" method="post" class="clearfix" action="create.php">
    <div class="form-group">
        <label for="name">NAME</label>
        <input type="text" class="form-control" id="name" placeholder="Course Name">
    </div>
    <div class="form-group">
        <label for="teacher">Teacher</label>
        <input type="text" class="form-control" id="teacher" placeholder="Teacher's Name">
    </div>
    <div class="form-group">
        <label for="description">Description</label>
        <textarea class="form-control" id="description" placeholder="Description"></textarea>
    </div>
    <div class="form-group">
        <label for="class">Class</label>
        <input type="text" class="form-control" id="class" placeholder="Class Name">
    </div>
    <div class="form-group">
        <label for="dayone">Day one</label>
        <input type="text" class="form-control" id="dayone" placeholder="Day One">
    </div>
    <div class="form-group">
        <label for="daytwo">Day two</label>
        <input type="text" class="form-control" id="daytwo" placeholder="Day Two">
    </div>
    <div class="form-group">
        <label for="daythree">Day three</label>
        <input type="text" class="form-control" id="daythree" placeholder="Day Three">
    </div>
    <div class="form-group">
        <label for="std1">std1</label>
        <input type="text" class="form-control" id="std1" placeholder="std1">
    </div>
    <div class="form-group">
        <label for="std2">std2</label>
        <input type="text" class="form-control" id="std2" placeholder="std2">
    </div>
    <div class="form-group">
        <label for="std1">std3</label>
        <input type="text" class="form-control" id="std3" placeholder="std3">
    </div>
    <div class="checkbox">
        <label>
            <input type="checkbox">I Understand <a href="#">Terms & Conditions</a>
        </label>
    </div>
    <button type="submit" class="btn pull-right">Create Course</button>
</form>

2 个答案:

答案 0 :(得分:0)

这可以帮助您确定问题是否未收到POST变量。

还有点安全性。

// create an array of all possible input values
$input_array = array('name', 'teacher', 'description', 'class', 'dayone', 'daytwo', 'daythree', 'std1', 'std2', 'std3');

// create an input array to put any received data into for input to the database
$input_array = array();

include_once 'connect.php';   
    // Create connection
    $conn = new mysqli(HOST, USER, PASSWORD, DATABASE);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 


    // loop through the possible input values to check that a post variable has been received for each.. if received escape the data ready for input to the database
    foreach($input_array as $key => $value)
    {
    if(!isset($_POST[$value])) {
    die("no {$value} post variables received");
    }
    $input_array[$value] = mysqli_real_escape_string($conn, $_POST[$value]);
    }


    $sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('{$input_array['name']}', '{$input_array['teacher']}', '{$input_array['description']}', '{$input_array['class']}', '{$input_array['dayone']}', '{$input_array['daytwo']}', '{$input_array['daythree']}', '{$input_array['std1']}', '{$input_array['std2']}', '{$input_array['std3']}')";

    if ($conn->query($sql) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }

    $conn->close();

答案 1 :(得分:-1)

尝试:

$sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('".$name."', '".$teacher."', '".$description."', '".$class."', '".$dayone."', '".$daytwo."', '".$daythree."', '".$std1."', '".$std2."', '".$std3."')";

另外,使用:

$name = $conn->real_escape_string($_POST['name']);
//etc

还要在表单字段中添加名称:

<input name="class" type="text" class="form-control" id="class" placeholder="Class Name">
相关问题
最新问题