将值一一添加到sql

时间:2019-03-20 22:08:23

标签: mysql

我想在检查每个值有效且不为空之后,再逐一插入这些值。提交后,我想显示一条消息,确认我的注册已创建,但页面给出了错误:Error: INSERT INTO subscribers (comment,reg_date) VALUES ('',CURRENT_TIME())。

创建 subscribers 表

// Schema of the subscribers table used by the insert code on this page.
// name, lastname, email, comment and gender are all NOT NULL and declare no DEFAULT,
// so an INSERT that names only some of them leaves the rest without a value;
// under MySQL strict SQL mode such an INSERT is rejected.
// The VARCHAR lengths (30 for name, 50 for the other text columns) are the limits
// that input validation has to enforce before a value is stored.
"CREATE TABLE subscribers (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY, 
name VARCHAR(30) NOT NULL,
lastname VARCHAR(50) NOT NULL,
email VARCHAR(50) NOT NULL,
comment VARCHAR(50) NOT NULL,
gender VARCHAR(50) NOT NULL,
reg_date TIMESTAMP
)";

将数据插入MySQL表

// Question code, kept as posted: builds one INSERT per form field and then runs a single query.
// NOTE(review): every branch assigns to the same $sql variable, so each assignment
// replaces the previous one; none of the per-field statements is ever executed.

// NOTE(review): $name is not assigned anywhere in this snippet. The regex is applied to it
// rather than to $_POST["name"], so the value that is checked is not the value that is inserted.
if(!empty($_POST["name"]) && preg_match("/^[a-zA-Z ]*$/",$name)) {
// NOTE(review): request data is concatenated directly into the SQL text (SQL injection).
// Bind it as a parameter of a prepared statement instead.
$sql = "INSERT INTO subscribers (name)
VALUES ('".$_POST["name"]."')";   
}
// NOTE(review): this branch also tests $name, not the last name.
if(!empty($_POST["lastname"]) && preg_match("/^[a-zA-Z ]*$/",$name)) {
$sql = "INSERT INTO subscribers (lastname)
VALUES ('".$_POST["lastname"]."')";   
}
// NOTE(review): $email is not assigned in this snippet either; the inserted value is $_POST["email"].
if(!empty($_POST["email"]) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
$sql = "INSERT INTO subscribers (email)
VALUES ('".$_POST["email"]."')";   
}
// gender is only checked for being non-empty before it is concatenated into the statement.
if(!empty($_POST["gender"])) {
$sql = "INSERT INTO subscribers (gender)
VALUES ('".$_POST["gender"]."')";   
}

// Unconditional assignment: this is the statement that reaches $conn->query() below.
// It supplies only comment and reg_date, and $_POST["comment"] is concatenated without
// any validation or escaping.
$sql = "INSERT INTO subscribers (comment,reg_date)
VALUES ('".$_POST["comment"]."',CURRENT_TIME())";

if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
    // NOTE(review): echoing the full SQL text and $conn->error shows query and database
    // details to the visitor; log them on the server and show a generic message instead.
    echo "Error: " . $sql . "<br>" . $conn->error;
    }

1 个答案:

答案 0 :(得分:0)

您需要编写一条同时插入所有列的查询,而不是为每一列单独写一条查询。另外,您应该使用预处理语句(prepared statement)并绑定参数,而不是把变量拼接进 SQL 字符串;拼接用户输入会导致 SQL 注入。

输入验证失败时应报告错误,而不是给查询变量赋值。

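// Validate the whole form first, then insert one row with a single prepared statement.
// Expects $conn to be an open mysqli connection created earlier in the script.

// Read each field once; `?? ''` keeps a missing field from raising an undefined-index warning.
$name     = $_POST['name'] ?? '';
$lastname = $_POST['lastname'] ?? '';
$email    = $_POST['email'] ?? '';
$gender   = $_POST['gender'] ?? '';
$comment  = $_POST['comment'] ?? '';

// A field submitted as name[]=... arrives as an array; reject it before any string function sees it.
foreach ([$name, $lastname, $email, $gender, $comment] as $field) {
    if (!is_string($field)) {
        die("Invalid input");
    }
}

// \z anchors at the true end of the string ("$" would also accept a trailing newline).
// The upper bounds mirror the column sizes: name VARCHAR(30), lastname VARCHAR(50).
if (!preg_match('/^[a-zA-Z ]{1,30}\z/', $name)) {
    die("Invalid name");
}
if (!preg_match('/^[a-zA-Z ]{0,50}\z/', $lastname)) {
    die("Invalid last name");
}
// Validate the submitted value itself; the earlier version tested an unassigned $email,
// which made this check fail for every request.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    die("Invalid email");
}
if ($gender === '') {
    die("Empty gender");
}

// All user-supplied values travel as bound parameters, never as part of the SQL text.
$sql = "
    INSERT INTO subscribers (name, lastname, email, gender, comment, reg_date) 
    VALUES(?, ?, ?, ?, ?, CURRENT_TIME())";
$stmt = $conn->prepare($sql);
if ($stmt === false) {
    // Keep query text and database errors in the server log; the visitor gets a generic message.
    error_log("subscribers insert: prepare failed: " . $conn->error);
    die("Error: could not save the record");
}
// bind_param takes its arguments by reference, so it is given the local variables.
$stmt->bind_param("sssss", $name, $lastname, $email, $gender, $comment);

if ($stmt->execute()) {
    echo "New record created successfully";
} else {
    error_log("subscribers insert: execute failed: " . $stmt->error);
    echo "Error: could not save the record";
}
// Binding protects the query only: comment and gender are stored as submitted, so they must be
// escaped (e.g. htmlspecialchars) wherever they are later written into a page.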