Can you tell me what the problem is in this code:

Time: 2011-06-01 17:06:49

Tags: php mysql

Can you tell me what the problem is in this code:

<?php
include('config.php');
$name=$_POST['name'];
$sms=$_POST['sms'];
$os=$_POST['os'];
$nop=$_POST['nop'];
$dl=$_POST['dl'];
$tapb=$_POST['tapb'];
$date=$_POST['date'];
$calls=$_POST['calls'];
$ft=$_POST['ft'];
$train=$_POST['train'];
$tds=$_POST['tds'];
$ws=$_POST['ws'];
$airl=$_POST['airl'];
$comm=$_POST['comm'];
$tid=$_POST['tid'];
$ial=$_POST['ial'];
$tamt=$_POST['tamt'];
$btype=$_POST['btype'];
$from=$_POST['from'];
$cuspay=$_POST['cuspay'];
$comment=$_POST['comment'];
$to=$_POST['to'];
$pays=$_POST['pays'];
$payee=$_POST['payee'];
$jdate=$_POST['jdate'];
$payment=$_POST['payment'];
$rv=$_POST['rv'];
$rvia=$_POST['rvia'];
$redate=$_POST['redate'];
$mpay=$_POST['mpay'];
$total=$_POST['total'];
$totalr=$_POST['totalr'];

$result=mysql_query ("INSERT INTO booking (name, sms, out_standing, no_of_pax, delivery, tkt_amt_payed_by, booked_date, calls, flight_time, flight_train, tds, wish_sms, air_lines, commiss, transation_id, indian_airline, tkt_amt, booking_type, from, customer_payment, comment, to, payment_status, payee, journy_date, payment_date, return_date, mode_of_payment, return_via1, return_via2, total, total_received)
VALUES ('$name', '$sms', '$os','$nop','$dl','$tapb','$date','$calls','$train','$ft','$train','$tds','$ws','$airl','$comm','$tid','$ial','$tamt','$btype','$from','$cuspay','$comment','$to','$pays','$payee','$jdate','$payment','$redate','$mpay','$rv','$rvia','$total','$totalr')") or die("Query failed : " . mysql_error());
header('Location: booking.php');  
mysql_close($con);

?>

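4 answers:

Answer 0 (score: 2)

I actually spent some time looking at the query... VALUES ('$name', '$sms', '$os','$nop','$dl','$tapb','$date','$calls','$train','$ft','$train', has $train twice. I guess the first one is a typo and you should remove it. The number of columns and values doesn't match.

As others have said, there are more errors here...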

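Answer 1 (score: 0)

Lots of errors

  • You are not sanitizing your query parameters (as pointed out by @Damien)
  • You are using a date straight from $_POST without checking the date format

I'm just too lazy to go on...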

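Answer 2 (score: 0)

Your values don't match your fields. You have 32 fields but 33 values

You forgot a field in your field definition between flight_train and tds, I suspect

There are more errors in this code; see the related comments.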

Answer 3 (score: 0)

Here is slightly better code:

<?php
include 'config.php';

$keys = array('name', 'sms', 'os', ...); // Put in the rest of the values yourself

$values = array();

foreach($keys as $key) {
    if(!isset($_POST[$key])) {
        // handle missing input, do validation etc
    }
    else
        // escape each value before quoting it into the SQL string
        $values[] = "'" . mysql_real_escape_string($_POST[$key]) . "'";
}

// implode() takes the separator first; both lists are joined with ', '
$query = sprintf("INSERT INTO booking (%s) VALUES (%s)", implode(', ', $keys), implode(', ', $values));

$result = mysql_query($query);

if(!$result)
    die(mysql_error()); // read the error while the connection is still open

mysql_close($con);
header('Location: booking.php');
?>
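
An added example (not part of the original answers): the same insert built with PDO prepared statements and an allow-list that maps form fields to column names, so the column list and the placeholder list are generated together and cannot drift apart the way they did in the question. Assumptions: the map shows only five of the question's fields, dates arrive as `Y-m-d`, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for the MySQL connection from config.php.

```php
<?php
// Added example. Form field => column map; only five of the question's fields
// are shown (constructed subset), extend it the same way for the rest.
const BOOKING_COLUMNS = [
    'name' => 'name',
    'os'   => 'out_standing',
    'date' => 'booked_date',
    'from' => 'from', // FROM and TO are reserved words in MySQL,
    'to'   => 'to',   // so every column is backtick-quoted below
];
const DATE_FIELDS = ['date']; // assumption: dates arrive as Y-m-d

function build_booking_insert(array $post): array
{
    $columns = [];
    $params  = [];
    foreach (BOOKING_COLUMNS as $field => $column) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing field: $field");
        }
        $value = trim($post[$field]);
        if (in_array($field, DATE_FIELDS, true)) {
            $d = DateTime::createFromFormat('!Y-m-d', $value);
            if ($d === false || $d->format('Y-m-d') !== $value) {
                throw new InvalidArgumentException("bad date in: $field");
            }
        }
        $columns[] = "`$column`";      // column name comes from the map, never from input
        $params[":$field"] = $value;   // value travels as a bound parameter
    }
    $sql = sprintf('INSERT INTO booking (%s) VALUES (%s)',
        implode(', ', $columns), implode(', ', array_keys($params)));
    return [$sql, $params];
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE booking (`name` TEXT, `out_standing` TEXT,
    `booked_date` TEXT, `from` TEXT, `to` TEXT)');

$post = ['name' => "O'Brien", 'os' => '0', 'date' => '2011-06-01',
         'from' => 'DEL', 'to' => 'BOM']; // constructed sample input
[$sql, $params] = build_booking_insert($post);
$pdo->prepare($sql)->execute($params);
echo $sql, PHP_EOL;
echo $pdo->query('SELECT name FROM booking')->fetchColumn(), PHP_EOL;
```

With a MySQL DSN, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the values are bound server-side.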