您的SQL语法有错误;检查手册 对应于您的MariaDB服务器版本,以使用正确的语法 靠近“石头”,“ 1”,“ J”。罗琳(R.罗琳(R.罗琳(R. 罗琳(R.在第二行
代码:
mysqli_query($con,"insert into book(book_title,category_id,author,author_2,author_3,author_4,author_5,book_copies,book_pub,publisher_name,isbn,copyright_year,status,book_barcode,book_image,date_added,remarks)
VALUES('$book_title','$category_id','$author','$author_2','$author_3','$author_4','$author_5','$book_copies','$book_pub','$publisher_name','$isbn','$copyright_year','$status','$gen','$book_image',NOW(),'$remark')")or die(mysqli_error($con));
答案 0 :(得分:1)
您的参数扩展为带有单引号的值,该单引号破坏了语法。 Use prepared statements来防止这种情况(and other bad things)发生。
这是一个如何完成的示例(copied mostly from these examples):
if ($stmt = mysqli_prepare($con, "insert into book(book_title,category_id,author,author_2,author_3,author_4,author_5,book_copies,book_pub,publisher_name,isbn,copyright_year,status,book_barcode,book_image,date_added,remarks) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,NOW(),?)")) {
mysqli_stmt_bind_param($stmt, "sdsssssddssdsssss", $book_title,$category_id,$author,$author_2,$author_3,$author_4,$author_5,$book_copies,$book_pub,$publisher_name,$isbn,$copyright_year,$status,$gen,$book_image,$remark);
mysqli_execute($stmt);
mysqli_stmt_close($stmt);
}