Saving multiple data types in a database with PHP

Time: 2018-05-09 17:44:01

Tags: php mysqli

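I am trying to save multiple data types in my MySQL database. I'm not sure whether I'm passing the values correctly, or there may be an error in my code. This is my database table: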

CREATE TABLE `entry` (
  `entry_id` int(11) NOT NULL,
  `course_type` varchar(20) NOT NULL,
  `course_time` time NOT NULL,
  `course_day` varchar(20) NOT NULL,
  `course_teacher` varchar(50) NOT NULL,
  `course_location` varchar(50) NOT NULL,
  `students_group` int(11) NOT NULL,
  `course_name` varchar(50) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

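The current problem is that my data is not being saved in my database. The form submits fine. I think the problem may be related to the select tag or the time input tag.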

<?php
require('config.php');
include('auth.php');

if (isset($_POST['save_entry'])) {
    $sql = "INSERT INTO entry 
                    (course_name, course_type, course_time, course_day, 
                     course_teacher, course_location, students_group)
            VALUES ('" . $_POST["course_name"] . "," .
                    $_POST["course_type"] . "," . 
                    $_POST["course_time"] . "," . 
                    $_POST["course_day"] . ", " .
                    $_POST["course_teacher"] . ", " .
                    $_POST["course_location"] . ", " .
                     $_POST["students_group"] . "')";

    $result = mysqli_query($con, $sql);
}
?>

<form method="POST" action="/admin/entry/">
    <input name="course_name" type="text" required="required"><br>
    <br>
    <select name="course_type">
        <option value="Course">Course</option>
        <option value="Seminar">Seminar</option>
    </select>
    <br>
    <br>
    <input name="course_time" type="time" required="required"><br>
    <br>
    <select name="course_day">
        <option>Monday</option>
        <option>Tuesday</option>
        <option>Wednesday</option>
        <option>Thursday</option>
        <option>Friday</option>
    </select><br>
    <br>
    <input name="course_teacher" type="text" required="required"><br>
    <br>
    <input name="course_location" type="text" required="required"><br>
    <br>
    <input name="students_group" type="number" required="required"><br>
    <br>
    <button type="submit" name="save_entry">Add Entry</button>
</form>

<br><br>

1 answer:

Answer 0: (score: 1)

The quotes are wrong:

$sql = "INSERT INTO entry (course_name, course_type, course_time, course_day, course_teacher, course_location, students_group)
 VALUES ('" . $_POST["course_name"] . "','" . $_POST["course_type"] . "','" . $_POST["course_time"] . "','" . $_POST["course_day"] . "','" . $_POST["course_teacher"] . "',
  '" . $_POST["course_location"] . "','" . $_POST["students_group"] . "')";

This code is vulnerable to SQL injection. Use prepared statements instead.
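
The prepared-statement version the answer recommends, as an added example that is not part of the original question or answer. It assumes `config.php` defines the mysqli connection `$con` as in the question and that `entry_id` is AUTO_INCREMENT (the table definition shown does not say so); `save_entry()`, `COURSE_TYPES` and `COURSE_DAYS` are hypothetical names.

```php
<?php
// Added example; not code from the original post.
require 'config.php'; // as in the question; assumed to define $con (mysqli)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw instead of failing silently

// Allow-lists mirroring the <select> options in the question's form.
const COURSE_TYPES = ['Course', 'Seminar'];
const COURSE_DAYS  = ['Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday'];

// Hypothetical helper: validates the posted fields, then inserts them with
// bound parameters. Returns the rejected field names (empty array on success).
function save_entry(mysqli $con, array $post): array
{
    // Accept only scalar strings; an array such as course_name[]=x becomes ''.
    $text = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $row = [];
    foreach (['course_name', 'course_type', 'course_time', 'course_day',
              'course_teacher', 'course_location'] as $k) {
        $row[$k] = $text($k);
    }
    $group = filter_var($post['students_group'] ?? null, FILTER_VALIDATE_INT);

    $bad = [];
    foreach (['course_name', 'course_teacher', 'course_location'] as $k) {
        if ($row[$k] === '' || strlen($row[$k]) > 50) $bad[] = $k; // varchar(50)
    }
    if (!in_array($row['course_type'], COURSE_TYPES, true)) $bad[] = 'course_type';
    if (!in_array($row['course_day'], COURSE_DAYS, true))   $bad[] = 'course_day';
    // <input type="time"> submits HH:MM or HH:MM:SS.
    if (!preg_match('/^([01]\d|2[0-3]):[0-5]\d(:[0-5]\d)?$/', $row['course_time'])) $bad[] = 'course_time';
    if ($group === false) $bad[] = 'students_group';
    if ($bad) return $bad;

    // Values travel separately from the SQL text, so no quoting is needed.
    $stmt = $con->prepare(
        'INSERT INTO entry (course_name, course_type, course_time, course_day,
                            course_teacher, course_location, students_group)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('ssssssi', $row['course_name'], $row['course_type'],
        $row['course_time'], $row['course_day'], $row['course_teacher'],
        $row['course_location'], $group);
    $stmt->execute();
    $stmt->close();
    return [];
}

if (isset($_POST['save_entry'])) {
    $rejected = save_entry($con, $_POST); // non-empty: show these fields as invalid
}
```

With exception mode enabled, a failing INSERT surfaces as a `mysqli_sql_exception` instead of a silently false `$result`.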