我用数据库创建了一个简单的php cms表单但是当我想提交带有一些虚拟数据的表单时它无法正常工作!我不知道为什么会发生这种情况。我还添加了mysqli_error()来获取我所面临的错误类型,但我只得到了这个:
您的SQL语法有错误;查看与您的MySQL服务器版本对应的手册,以便在第2行“','','')附近使用正确的语法
<?php
if (isset($_POST['submit'])){
$post_title = $_POST['title'];
$post_date = date('d-m-y');
$post_author = $_POST['author'];
$post_keywords = $_POST['keywords'];
$post_content = $_POST['content'];
$post_image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
echo '<script>alert("Some fields are missing")</script>';
}else{
move_uploaded_file($image_tmp,"post_images/$post_image");
$insert_query = "INSERT INTO posts
(post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author',$post_image','$post_keywords','$post_content')";
$insert_post = mysqli_query($con,$insert_query);
if ($insert_post){
echo '<h3 style="color:green">Post has been added successfully.</h3>';
}else{
echo mysqli_error($con);
}
}
}
?>
<form method="POST" action="" enctype="multipart/form-data">
<table width="600" align="center" border="10">
<tr>
<td align="center"><h6>Insert Post Title</h6></td>
<td align="center"><input type="text" name="title"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Author</h6></td>
<td align="center"><input type="text" name="author"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Keywords</h6></td>
<td align="center"><input type="text" name="keywords"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Image</h6></td>
<td align="center"><input type="file" name="image"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Content</h6></td>
<td align="center"><textarea name="content" cols="10" rows="10"></textarea></td></br>
</tr>
<tr>
<td align="center"><input type="submit" name="submit" value="Submit"/></td>
</tr>
</table>
</form>
如果你分享这个问题的解决方案,对我来说非常有帮助......谢谢!
答案 0 :(得分:1)
您在 $ post_image 之前缺少报价:
,$post_image'
应该是:
,'$post_image'
那么完整的SQL语句就变成了:
$insert_query = "INSERT INTO posts
(post_title, post_date, post_author, post_image, post_keywords, post_content)
VALUES ('$post_title', '$post_date', '$post_author', '$post_image',
'$post_keywords', '$post_content')";
请注意,您正在使用此if:
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
您应该使用双==代替=。
最后,您的代码容易受到SQL injection的攻击。因此,请使用prepared statements参数。
答案 1 :(得分:0)
以这种方式写if语句更好
// this not always works
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
echo '<script>alert("Some fields are missing")</script>';
}
// yeah much better
if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author)){
echo '<script>alert("Some fields are missing")</script>';
}
和sql错误很可能是因为这里
'$post_keywords','$post_content')";
$post_keywords和$post_content为空或空
答案 2 :(得分:0)
<强>更改
empty检查空变量||代替or move_uploaded_file)$post_image' ) - 这是代码中的错误 mysqli_error(if (!$insert_post){)<强>代码
<?php
if (isset($_POST['submit']))
{
$post_title = $_POST['title'];
$post_date = date('d-m-y');
$post_author = $_POST['author'];
$post_keywords = $_POST['keywords'];
$post_content = $_POST['content'];
$post_image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author))
{
echo '<script>alert("Some fields are missing")</script>';
}
else
{
if (!move_uploaded_file($image_tmp,"post_images/$post_image")) {
echo "Move Failed";
}
else
{
$insert_query = "INSERT INTO posts (post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author','$post_image','$post_keywords','$post_content')";
$insert_post = mysqli_query($con,$insert_query);
if (!$insert_post){
echo mysqli_error($con);
}
else
{
echo '<h3 style="color:green">Post has been added successfully.</h3>';
}
}
}
}
?>