我正在尝试向db插入详细信息。它运行成功消息,但不会将任何数据插入数据库。尝试了不同的方法,但仍然没有数据插入数据库。
我更新了我的代码以显示整个过程。 代码:
<?php
$con = mysqli_connect("localhost","root","","the_official_one");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){
$prod_name = strtoupper($_POST['prod_name']);
$prod_brand = $_POST['prod_brand'];
$prod_cat = $_POST['prod_model'];
$prod_price = $_POST['prod_price'];
$prod_desc = $_POST['prod_desc'];
$prod_qty = $_POST['prod_qty'];
$d = date("Y-m-d");
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");
$uniq_id = mysqli_insert_id($con);
echo $uniq_id." ";
foreach($_FILES['product_image']['tmp_name'] as $key => $tmp_name){
$name = $_FILES['product_image']['name'][$key];
$tmpname = $_FILES['product_image']['tmp_name'][$key];
$type = $_FILES['product_image']['type'][$key];
$size = $_FILES['product_image']['size'][$key];
mkdir("product_images/$prod_name/");
$dir = "product_images/$prod_name/";
$move = move_uploaded_file($tmpname, $dir.$name);
$path = "$prod_name/".$_FILES['product_image']['name'][$key];
$img = $_FILES['product_image']['name'][$key];
if($move) {
$sql = mysqli_query($con,"INSERT into product_images(prod_id, image) VALUES ('".$uniq_id."', '".$img."')");
$query = mysqli_query($con,"update products set product_image_1='$path' where product_title='$prod_name'");
if($query) {
header('location: add_prods.php?message=success');
} else {
header('location: add_prods.php?message=failed');
}
} else {
echo '<hr>Picture upload failed<br /><hr />';
}
}
}
?>
有错误的代码是:
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");
答案 0 :(得分:1)
mysqli_autocommit($con,TRUE);
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");
OR
mysqli_commit($con);
无论哪种方式,您都应该考虑在完成后关闭连接。
mysqli_close($con);
如果这些都不起作用,请尝试输出
的内容mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')"
看看出了什么问题。
无论哪种方式在构建该查询之前没有转义变量以阻止SQL注入。