查询运行但不向数据库插入数据

时间:2016-03-04 14:22:26

标签: php mysql

我正在尝试向db插入详细信息。它运行成功消息,但不会将任何数据插入数据库。尝试了不同的方法,但仍然没有数据插入数据库。

我更新了我的代码以显示整个过程。 代码:

     <?php 

 $con = mysqli_connect("localhost","root","","the_official_one");
// Check connection
if (mysqli_connect_errno())
{
 echo "Failed to connect to MySQL: " . mysqli_connect_error();
}


if(isset($_POST['submit'])){

    $prod_name = strtoupper($_POST['prod_name']);
    $prod_brand = $_POST['prod_brand'];
    $prod_cat = $_POST['prod_model'];
    $prod_price = $_POST['prod_price'];
    $prod_desc = $_POST['prod_desc'];
    $prod_qty = $_POST['prod_qty'];
    $d = date("Y-m-d");

    mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date) 
    VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");

    $uniq_id = mysqli_insert_id($con);
    echo $uniq_id." ";     



    foreach($_FILES['product_image']['tmp_name'] as $key => $tmp_name){

    $name = $_FILES['product_image']['name'][$key];
    $tmpname = $_FILES['product_image']['tmp_name'][$key];
    $type = $_FILES['product_image']['type'][$key];
    $size = $_FILES['product_image']['size'][$key];        

    mkdir("product_images/$prod_name/");
    $dir = "product_images/$prod_name/";

    $move = move_uploaded_file($tmpname, $dir.$name);
    $path = "$prod_name/".$_FILES['product_image']['name'][$key];
    $img = $_FILES['product_image']['name'][$key];

    if($move) {                            
        $sql = mysqli_query($con,"INSERT into product_images(prod_id, image) VALUES ('".$uniq_id."', '".$img."')"); 
        $query = mysqli_query($con,"update products set product_image_1='$path' where product_title='$prod_name'");

    if($query) {
        header('location: add_prods.php?message=success');
    } else {
        header('location: add_prods.php?message=failed');
    }

    } else {
        echo '<hr>Picture upload failed<br /><hr />';
    }
    }  
   }    

   ?>

有错误的代码是:

      mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date) 
    VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");

1 个答案:

答案 0 :(得分:1)

mysqli_autocommit($con,TRUE);

mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date) 
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");

OR 

mysqli_commit($con);

无论哪种方式,您都应该考虑在完成后关闭连接。 

mysqli_close($con);

如果这些都不起作用,请尝试输出

的内容 
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date) 
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')"

看看出了什么问题。

无论哪种方式在构建该查询之前没有转义变量以阻止SQL注入

相关问题
最新问题