下午好, 我没有看到我的代码中的任何错误,我一直在获得Mysql错误。
我的代码看起来像这样
<?php
include 'account_numgen.php';
require_once('inc/config.php');
$con = mysqli_connect($host,$user,$pass, $db)or die ('Cannot Connect :'.mysqli_error());
$account_number = mysqli_real_escape_string($con,$_POST['account_number']);
$first_name = mysqli_real_escape_string($con,$_POST['first_name']);
$mi = mysqli_real_escape_string($con,$_POST['mi']);
$last_name = mysqli_real_escape_string($con,$_POST['last_name']);
$address = mysqli_real_escape_string($con,$_POST['address']);
$address2 = mysqli_real_escape_string($con,$_POST['address2']);
$city = mysqli_real_escape_string($con,$_POST['city']);
$tel = mysqli_real_escape_string($con,$_POST['tel']);
$email = mysqli_real_escape_string($con,$_POST['email']);
$nok_1 = mysqli_real_escape_string($con,$_POST['nok_1']);
$nok1_address = mysqli_real_escape_string($con,$_POST['nok1_address']);
$nok1_address2 = mysqli_real_escape_string($con,$_POST['nok1_address2']);
$nok1_city = mysqli_real_escape_string($con,$_POST['nok1_city']);
$nok_2 = mysqli_real_escape_string($con,$_POST['nok_2']);
$nok2_address = mysqli_real_escape_string($con,$_POST['nok2_address']);
$nok2_address2 = mysqli_real_escape_string($con,$_POST['nok2_address2']);
$nok2_city = mysqli_real_escape_string($con,$_POST['nok2_city']);
$id_type = mysqli_real_escape_string($con,$_POST['id_type']);
$id_number = mysqli_real_escape_string($con,$_POST['id_number']);
$open_bal = mysqli_real_escape_string($con,$_POST['open_bal']);
$passport_name = $_FILES['passport']['name'];
$passport_size = $_FILES['passport']['size'];
$passport_type = $_FILES['passport']['type'];
$passporttmp_name = $_FILES['passport']['tmp_name'];
$signature_name = $_FILES['signature']['name'];
$signature_size = $_FILES['signature']['size'];
$signature_type = $_FILES['signature']['type'];
$signaturetmp_name = $_FILES['signature']['tmp_name'];
$sql = "insert into bank_details(account_number,first_name,mi,last_name,address,address2,city,tel,email,nok_1,nok1_address,nok1_address2,nok1_city,nok_2,nok2_address,nok2_address2,nok2_city,id_type,id_number,open_bal,passport_name,passport_size,passport_type,passporttmp_name,signature_name,signature_size,signature_type,signaturetmp_name) values ('".$account_number."','".$first_name."','".$mi."','".$last_name."','".$address."','".$address2."','".$city."','".$tel."','".$email."','".$nok_1."','".$nok1_address."','".$nok1_address2."','".$nok1_city."','".$nok_2."','".$nok2_address."','".$nok2_address2."','".$nok2_city."','".$id_type."','".$id_number."','".$open_bal."','".$passport_name."','".$passport_size."','".$passport_type."','".$passporttmp_name."','".$signature_name."','".$signature_size."','".$signature_type."','".$signaturetmp_name."')";
mysqli_query($con,$sql) or die ('Failed Query: '.mysqli_error($con));
$passport_dir = 'passport/';
$signature_dir = 'signature/';
$filePath1 = $passport_dir . $passport_name;
$filePath2 = $signature_dir . $signature_name;
$result1 = move_uploaded_file($passporttmp_name,$filePath1);
$result2 = move_uploaded_file($signaturetmp_name,$filePath2);
echo ('
<SCRIPT LANGUAGE="JavaScript">
window.alert("Account Information \n Account Number: '.$account_number.'\n First Name: '.$first_name.'\n Last Name: '.$last_name.'\n Last Name: '.$open_bal.'")
window.location.href="index.html";
</SCRIPT>
');
?>
现在我收到此错误
Failed Query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's_Signature.png','78716','image/png','C:\xampp\tmp\phpD784.tmp')' at line 1
为什么会这样?我没有看到我的代码中的任何错误,它是如何停止发布到我的本地主机上的数据库。
修改
当我添加mysqli_real_escape_string($con, $_FILES[....])
时,它工作正常,但它不会将图像从应用程序发送到localhost服务器,究竟是什么情况?
答案 0 :(得分:0)
在所有字段上使用mysqli_real_escape_string
,包括您在$_FILES
显然,名字中有引号......
而你使用它的方式路径是错误的,因为它应该是\\
而不是每个\
,否则\t
是一个标签。
答案 1 :(得分:0)
$signature_name
有一个撇号(')。您需要使用mysqli_real_escape_string
转义它。
除了使用预准备语句,我建议转义查询的所有参数。看看https://www.w3schools.com/php/php_mysql_prepared_statements.asp
编辑:由会计师提取
转义所有参数或使用预准备语句。实际上,您应该始终使用预准备语句,除其他外,它们会为您提供参数。
答案 2 :(得分:0)
在“mysqli_real_escape_string
”上使用$signature_name
- 其中包含撇号。
$signature_name = mysqli_real_escape_string($con,$_FILES['signature']['name']);