有一个复杂的查询来插入一些未进入我的数据库的数据

时间:2019-04-01 11:32:32

标签: php mysql sql

我有一个基本的表格,我希望用户输入数据,然后将该信息插入我的数据库。我的查询有点复杂,当我尝试执行查询时,我得到了一条错误消息。寻找解决方案以帮助解决此问题。

这里有一些代码可以让您大致了解我的问题。我有一个带有提交按钮的表单,该表单将用户输入字段发送到saveSale.php,这就是我的插入查询所在的位置。

在我的saveSale文件中,我尝试检查结果以查明查询是否成功。

$query = "INSERT INTO lead_log (";
$query .= "salesperson_id, fname, lname, address, city, state, 
            zip, source, commercial, paperwork_submitted, claim_submitted, 
            commission_earned, date_proposal, date_install, date_sold, 
            date_followup, status, sale_price, amount_quoted, ac, hp, 
            furnace, ah, boiler, generator, minisplit1, minisplit2, 
            minisplit3, minisplit4, accessories1, accessories2, 
            accessories3, accessories4, accessories5, accessories6, 
            accessories7, comments, followup";

$query .= " ) VALUES (";

$query .= "' . $currentUser->id ', '{$fname}', '{$lname}', '{$address}, '{$city}, '{$state}', '{$zip}', ";

$query .= "' {$_POST['source']}', '{$_POST['commercial']}', '{$_POST['paperwork_submitted']}','{$_POST['claim_submitted']}', '{$commission_earned}', ";

$query .= "'" .convertDate($_POST['date_proposal']). "'," .convertDate($_POST['date_install'])."',";

$query .= "'".convertDate($_POST['date_sold'])."'," .convertDate($_POST['date_followup'])."',";

$query .= " '{$_POST['status']}', '{$salePrice}', '{$amount_quoted}', '{$_POST['AC']}', '{$_POST['HP']}', '{$_POST['furnace']}',
          '{$_POST['AH']}', '{$_POST['boiler']}', '{$_POST['generator']}', '{$_POST['minisplit1']}', '{$_POST['minisplit2']}',
          '{$_POST['minisplit3']}', '{$_POST['minisplit4']}', '{$_POST['accessories1']}', '{$_POST['accessories2']}', '{$_POST['accessories3']}',
          '{$_POST['accessories4']}', '{$_POST['accessories5']}', '{$_POST['accessories6']}', '{$_POST['accessories7']}', '{$comments}', '{$followup}' " ;

$query .= ")";
$result = $con->query($query);
if ($result) {
    redirect_to("index.php");
    echo "Insert Successful";
} else {
    echo "Insert Failure";
}

表格

 <form action="saveSale.php" method="post" name='form' onsubmit="return validateForm()">
    <input type="submit" value="Save" name="submit" class='buttonClass defaultButton'/>

Query Result 

INSERT INTO lead_log (salesperson_id, fname, lname, address, city, state, zip, source, commercial, paperwork_submitted, claim_submitted, commission_earned, date_proposal, date_install, date_sold, date_followup, status, sale_price, amount_quoted, ac, hp, furnace, ah, boiler, generator, minisplit1, minisplit2, minisplit3, minisplit4, accessories1, accessories2, accessories3, accessories4, accessories5, accessories6, accessories7, comments, followup ) VALUES (' . 1 ', 'Montrell', 'Sampson', ', ', '', '', ' ', 'n', '','', '0', '-03-21',0000-01-01','0000-01-01',0000-01-01', 'Sold', '13107.00', '13107.00', '73', '14', '218', 'null', 'null', 'null', 'null', 'null', '48', 'null', '45', '45', 'null', 'null', 'null', 'null', 'null', 'none', '' )

This is an image with my error message.

1 个答案:

答案 0 :(得分:1)

INSERT INTO lead_log (salesperson_id, fname, lname, address, city, state, zip, source, commercial, paperwork_submitted, claim_submitted, commission_earned, date_proposal, date_install, date_sold, date_followup, status, sale_price, amount_quoted, ac, hp, furnace, ah, boiler, generator, minisplit1, minisplit2, minisplit3, minisplit4, accessories1, accessories2, accessories3, accessories4, accessories5, accessories6, accessories7, comments, followup ) VALUES (' . 1 ', 'Montrell', 'Sampson', ', ', '', '', ' ', 'n', '','', '0', '-03-21',0000-01-01','0000-01-01',0000-01-01', 'Sold', '13107.00', '13107.00', '73', '14', '218', 'null', 'null', 'null', 'null', 'null', '48', 'null', '45', '45', 'null', 'null', 'null', 'null', 'null', 'none', '' )

似乎缺少两个引号,它可能看起来像这样

INSERT INTO lead_log (salesperson_id, fname, lname, address, city, state, zip, source, commercial, paperwork_submitted, claim_submitted, commission_earned, date_proposal, date_install, date_sold, date_followup, status, sale_price, amount_quoted, ac, hp, furnace, ah, boiler, generator, minisplit1, minisplit2, minisplit3, minisplit4, accessories1, accessories2, accessories3, accessories4, accessories5, accessories6, accessories7, comments, followup ) VALUES (' . 1 ', 'Montrell', 'Sampson', ', ', '', '', ' ', 'n', '','', '0', '-03-21','0000-01-01','0000-01-01','0000-01-01', 'Sold', '13107.00', '13107.00', '73', '14', '218', 'null', 'null', 'null', 'null', 'null', '48', 'null', '45', '45', 'null', 'null', 'null', 'null', 'null', 'none', '' )

因此,请尝试从更改代码:

$query .= "'" .convertDate($_POST['date_proposal']). "'," .convertDate($_POST['date_install'])."',";

$query .= "'".convertDate($_POST['date_sold'])."'," .convertDate($_POST['date_followup'])."',";

至:

$query .= "'" .convertDate($_POST['date_proposal']). "','" .convertDate($_POST['date_install'])."',";

$query .= "'".convertDate($_POST['date_sold'])."','" .convertDate($_POST['date_followup'])."',";

我强烈建议尝试按照@RiggsFolly的建议正确设置代码格式,这样以后可以轻松阅读和编辑。

此外,此代码还容易受到SQL注入的影响,因此请注意。

相关问题
最新问题