我正在尝试将变量传递给select查询。 Quer低于
$Email = $_POST["Email"];
$Username = $_POST["User_Name"];
$FirstName = $_POST["First_Name"];
$Password = $_POST["Password"];
$CreateTable = "CREATE TABLE IF NOT EXISTS "+$Username+" (
address_id int(11) NOT NULL
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;" ;
但桌子没有创造。我错过的地方?
感谢宝贵的时间。
答案 0 :(得分:2)
由于您无法对此类查询使用prepared statements
,您应该尝试从提供的用户输入中删除可能有害的字符。
$email = filter_input( INPUT_POST, 'Email', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
$username = filter_input( INPUT_POST, 'User_Name', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
$firstname = filter_input( INPUT_POST, 'First_Name', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
$password = filter_input( INPUT_POST, 'Password', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
/* Strip any non alphanumeric charachters and replace space with underscore */
$username = preg_replace('@^[\da-z]$@i','', str_replace( ' ', '_', $username ) );
$sql = "CREATE TABLE IF NOT EXISTS `{$username}` (
address_id int(11) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
$db=new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$db->query( $sql );
答案 1 :(得分:1)
您使用' +' 符号连接两个字符串(在php中无效)。
您应该使用'。' 来连接两个字符串。
见答案:How to combine two strings together in PHP?
您的SQL语句应如下所示:
$CreateTable = "CREATE TABLE IF NOT EXISTS ".$Username." (
address_id int(11) NOT NULL
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;" ;
BTW,不建议执行敏感查询,例如在php脚本中创建(NOR DELETING)表。
答案 2 :(得分:1)
您应该检查您的PHP文件。并尝试
$tableUser = "CREATE TABLE IF NOT EXISTS ".$Username."(
index int(11) NOT NULL
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;" ;