I want to set up a database which contains the file paths of the images in my gallery, among other things. I use PHP MySQLi to write to the database. But I can't seem to write data to my newly made database. I am however able to write to another table in my database with virtually the same code. This makes me think that my MySQLi/PHP code is fine, but there is some difference between the database tables.
Connecting to the database:
$errors = array();
//DB details
$dbHost = 'localhost';
$dbUsername = 'root';
$dbPassword = 'root';
$dbName = 'portfolio';
//Create connection and select DB
$db = new mysqli( $dbHost, $dbUsername, $dbPassword, $dbName );
if ( $db->connect_error ) {
$errors[] = "Unable to connect to database:";
$errors[] = "- " . $db->connect_error;
}
This is the MySQLi code that I use for the new database ('gallery'):
$query = "INSERT INTO gallery (title, descr, src, thumb, cat, folio) VALUES ('$file_title', '$file_desc', '$video_url', '$url_thumb', '$file_cat, '$file_folio')";
$result = mysqli_query( $db, $query )or die( mysqli_error() );
mysqli_close( $db );
The query for the old database table ('photo'):
$query = "INSERT INTO photo (name, cat, orig, web, prev, thumb, folio) VALUES ('$file_title', '$file_cat', '$video_url', '', '', '$url_thumb', '$file_folio')";
So the query for the old table writes data, but the query for the new one doesn't. I have a suspicion that it has to do with how the database table is set up. The old table was set up quite a while ago (3+ years) and the new table I've set up yesterday (dropped it and tried again today, since I tried to fix the issue).
I've set up the database using the phpmyadmin functionality (so with filling out the tables instead of writing code) but this is the 'preview SQL' my phpmyadmin gives when I create a new table:
CREATE TABLE `portfolio`.`gallery` ( `id` INT(100) NOT NULL AUTO_INCREMENT , `title` VARCHAR(200) NOT NULL , `descr` VARCHAR(200) NOT NULL , `src` VARCHAR(200) NOT NULL , `thumb` VARCHAR(200) NOT NULL , `cat` VARCHAR(100) NOT NULL , `folio` VARCHAR(100) NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;
When this didn't work, I've tried to select 'Index' at the 'Index' option with every row except for 'id', since that was a difference I noticed between the two tables (with the first code, it doesn't show the 'index key' after the row names of the table). This didn't work either. Code is shown below. It doesn't matter if I leave the 'index name' field blank or fill in the row name by the way. Both don't seem to work.
CREATE TABLE `portfolio`.`gallery` ( `id` INT(100) NOT NULL AUTO_INCREMENT , `title` VARCHAR(200) NOT NULL , `descr` VARCHAR(200) NOT NULL , `src` VARCHAR(200) NOT NULL , `thumb` VARCHAR(200) NOT NULL , `cat` VARCHAR(100) NOT NULL , `folio` VARCHAR(100) NOT NULL , PRIMARY KEY (`id`), INDEX `title` (`title`), INDEX `descr` (`descr`), INDEX `src` (`src`), INDEX `thumb` (`thumb`), INDEX `cat` (`cat`), INDEX `folio` (`folio`)) ENGINE = InnoDB;
What is the best way to set up the table and what is causing the issue I have? I'm probably missing something quite obvious (never had this issue before) but I can't seem to find what the problem is.
Exporting the existing database table gives this code:
-- phpMyAdmin SQL Dump
-- version 4.6.5.2
-- https://www.phpmyadmin.net/
--
-- Host: localhost:8889
-- Generation Time: Jul 30, 2017 at 01:44 PM
-- Server version: 5.6.35
-- PHP Version: 7.0.15
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
--
-- Database: `portfolio`
--
-- --------------------------------------------------------
--
-- Table structure for table `photo`
--
CREATE TABLE `photo` (
`id` int(100) NOT NULL,
`name` varchar(200) NOT NULL,
`cat` varchar(200) NOT NULL,
`orig` varchar(200) NOT NULL,
`web` varchar(200) NOT NULL,
`prev` varchar(200) NOT NULL,
`thumb` varchar(200) NOT NULL,
`folio` varchar(200) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Indexes for dumped tables
--
--
-- Indexes for table `photo`
--
ALTER TABLE `photo`
ADD PRIMARY KEY (`id`),
ADD KEY `name` (`name`,`cat`,`thumb`,`folio`),
ADD KEY `web` (`web`),
ADD KEY `prev` (`prev`),
ADD KEY `orig` (`orig`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `photo`
--
ALTER TABLE `photo`
MODIFY `id` int(100) NOT NULL AUTO_INCREMENT;
答案 0 :(得分:2)
在以下代码中:
$query = "INSERT INTO gallery (title, descr, src, thumb, cat, folio) VALUES ('$file_title', '$file_desc', '$video_url', '$url_thumb', '$file_cat, '$file_folio')";
$result = mysqli_query( $db, $query )or die( mysqli_error($db) );
mysqli_close( $db );
字段$file_cat
缺少结束语'
。
另外,我建议使用参数化查询来解决几个问题,包括SQL注入攻击,值引用和值转义。