我正在尝试通过HTML页面将一名工作人员添加到我的数据库中,但它不断出现此错误
查询错误:您的SQL语法中有错误;查看与您的MariaDB服务器版本对应的手册,以便在'',' password4')附近使用正确的语法。在第1行
这是我的HTML代码
<form method="post" action="add_staff.php">
<p>Staff Identification Number (SID):</p><input type="text" name="sid" required><br>
<p>First Name:</p><input type="text" name="sfirstname" required><br>
<p>Last Name:</p><input type="text" name="slastname" required><br>
<p>Phone:</p><input type="tel" name="phone" required><br>
<p>Email:</p><input type="email" name="semail"><br>
<p>User Priveledge Number:</p><input type="text" name="privledgeno" required><br>
<p>Username:</p><input type="text" name="username"><br>
<p>Password:</p><input type="text" name="password"><br>
<br><br>
<input id ="input_submit" type="submit" value="Submit">
<input id ="input_reset" type="reset">
</form>
And this is my php code
<?php
// MySQL Database Connect
require_once("connection.php");
// Read the values from the form
$SID =$_POST['sid'];
$S_Firstname = $_POST['sfirstname'];
$S_Lastname = $_POST['slastname'];
$S_Phone = $_POST['phone'];
$S_Email = $_POST['semail'];
$User_privledge_no = $_POST['privledgeno'];
$S_Username = $_POST['username'];
$S_Password = $_POST['password'];
// escape variables for security
$S_Firstname = mysqli_real_escape_string($conn, $S_Firstname);
$S_Lastname = mysqli_real_escape_string($conn, $S_Lastname);
$S_Phone = mysqli_real_escape_string($conn, $S_Phone);
$S_Email = mysqli_real_escape_string($conn, $S_Email);
$User_privledge_no = mysqli_real_escape_string($conn,$User_privledge_no);
$S_Username = mysqli_real_escape_string($conn, $S_Username);
$S_Password = mysqli_real_escape_string($conn, $S_Password);
// create the INSERT query
$query="INSERT INTO staff (SID, S_Firstname, S_Lastname, S_Phone, S_Email, User_privledge_no, S_Username, S_Password) VALUES ('$SID','$S_Firstname', '$S_Lastname','$S_Phone', '$S_Email', '$User_privledge_no', $S_Username', '$S_Password')";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
exit;
}
else {
// Redirect the browser window back to the add customer page
header("location: ../add_cust.html");
}
?>
谢谢
答案 0 :(得分:1)
因为您在$S_Username之前忘记了单引号。将您的$query更改为
$query="INSERT INTO staff (SID, S_Firstname, S_Lastname, S_Phone, S_Email,
User_privledge_no, S_Username, S_Password) VALUES ('$SID','$S_Firstname',
'$S_Lastname','$S_Phone', '$S_Email', '$User_privledge_no', '$S_Username',
'$S_Password')";
答案 1 :(得分:1)
有时我们会忘记任何语法,有时需要花费太多时间来解决这个问题。有时我们应该使用一些技巧来防止我用来防止这种错误。
$array = [
"SID" => $SID,
"S_Firstname" => $S_Firstname,
"S_Lastname" => $S_Lastname,
"S_Phone" => $S_Phone,
"S_Email" => $S_Email,
"User_privledge_no" => $User_privledge_no,
"S_Username" => $S_Username,
"S_Password" => $S_Password,
];
$colums = implode('`, `', array_keys($array)); // columns
$data = implode("', '", $array); // data
$sql "INSERT INTO staff (`".$colums."`) VALUES ('".$data."')"; // you can do inline code too