我无法在数据库中插入值

时间:2019-10-22 05:40:16

标签: php html

帮助,如果我的输入带有(')符号,则无法在数据库中输入值

如果我使用chrome,可以将其输入到数据库中,但是如果我输入(')签名,则会产生错误

<form action="addsong.php" method="POST">
    <h1>Add A Song</h1>
    <div class="form-box">
        <textarea type="text" class="seach-field title" name="title" placeholder="Title" required></textarea>
        <textarea type="text" class="seach-field" name="verse1" placeholder="Verse 1" required></textarea>
        <textarea type="text" class="seach-field" name="verse2" placeholder="Verse 2" ></textarea>
        <textarea type="text" class="seach-field" name="verse3" placeholder="Verse 3" ></textarea>
        <textarea type="text" class="seach-field" name="refrain" placeholder="Refrain" ></textarea>
        <textarea type="text" class="seach-field" name="chorus" placeholder="Chorus" required></textarea>
        <textarea type="text" class="seach-field" name="bridge" placeholder="Bridge" ></textarea>
        <br /><br />
        <button type="submit" class="search-btn noEnterSubmit" name="add-song">Add</button>
        <button type="reset" onclick="window.location.href = 'index.php';" class="cancel left">Cancel</button>

    </div>
</form>

这是我的addsong.php

*

$conn = mysqli_connect('localhost:3306', 'root', '', 'copy_cat');

    $titles = $_POST['title'];
    $v1 = $_POST['verse1'];
    $v2 = $_POST['verse2'];
    $v3 = $_POST['verse3'];
    $refrain = $_POST['refrain'];
    $chorus = $_POST['chorus'];
    $bridge = $_POST['bridge'];


    $query = "INSERT INTO songs (title,verse1,verse2,verse3,refrain,chorus,bridge) VALUES ('$titless','$v1','$v2','$v3','$refrain','$chorus','$bridge')";
    $query_run = mysqli_query($conn, $query);

    if($query_run)
    {
        $_SESSION['success'] = "Song Successfully Added";
        header('Location: index.php');
    }
    else{
        $_SESSION['status'] = "Song Not Added";
        header('Location: error.php');

    }

1 个答案:

答案 0 :(得分:0)

语法:

mysqli_real_escape_string ( mysqli $link , string $escapestr ) : string

$link是您的数据库连接,而$escapestr是您需要转义的内容。

   $conn = mysqli_connect('localhost:3306', 'root', '', 'copy_cat');

    $titles = mysqli_real_escape_string($conn,$_POST['title']); // this is what you were missing.
    $v1 = mysqli_real_escape_string($conn,$_POST['verse1']);
    $v2 = mysqli_real_escape_string($conn,$_POST['verse2']);
    $v3 = mysqli_real_escape_string($conn,$_POST['verse3']);
    $refrain = mysqli_real_escape_string($conn,$_POST['refrain']);
    $chorus = mysqli_real_escape_string($conn,$_POST['chorus']);
    $bridge = mysqli_real_escape_string($conn,$_POST['bridge']);


    $query = "INSERT INTO songs (title,verse1,verse2,verse3,refrain,chorus,bridge) VALUES ('$titless','$v1','$v2','$v3','$refrain','$chorus','$bridge')";
    $query_run = mysqli_query($conn, $query);

    if($query_run)
    {
        $_SESSION['success'] = "Song Successfully Added";
        header('Location: index.php');
    }
    else{
        $_SESSION['status'] = "Song Not Added";
        header('Location: error.php');

    }