使用php将数据插入数据库

时间:2011-06-24 09:46:00

标签: php

嗨,我想在我直接输入数据时将数据从网址插入到我的数据库中,但是当我尝试使用url方法时,它会停止工作。

请你帮我看看代码和c我做错了什么

继承我的代码:

$flight_Number = $_GET['FlightNumber'];
$arrival_Status = $_GET['ArrivalStatus'];
$recipient_Email = $_GET['EmailAddress'];

if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

***mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
VALUES ('', '".$flight_Number."','".$arrival_Status."', '".$recipient_Email"' ,'')");***

#mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
#VALUES ( '', '$_GET[FlightNumber]','$_GET[ArrivalStatus]','$_GET[EmailAddress]', '')");

#mysql_query("INSERT INTO landed (priKey, flightNumber,arrivalStatus, recipientEmail, confirmStatus)
#VALUES ( '', 'AK81','Landed', 'soulreaver19802001@yahoo.com', '')");

echo "Database updated with: " .$flight_Number. " ".$arrival_Status.;

mysql_close($con);

>

3 个答案:

答案 0 :(得分:0)

您忘记在.之后添加$recipient_Email

 mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
    VALUES ('', '".$flight_Number."','".$arrival_Status."', '".$recipient_Email."' ,'')")

使用mysql_real_escape_string转义变量,否则查询是否有任何其他变量包含单引号,并且您的查询正在邀请某人SQL Injection

答案 1 :(得分:0)

假设您尝试从表单中执行此操作,表单是否使用method="get"method="post"?如果它正在使用POST,则需要将PHP从$ _GET更改为$ _POST。

答案 2 :(得分:0)

我希望此更新可以帮助您。 

function mysqlConnect($host, $user, $password, $database) {
    $con = mysql_connect($host, $user, $password);
    if (!$con) die('Could not connect: ' . mysql_error());
   mysql_select_db($database, $con);
}

mysqlConnect('localhost','root','123456','transport_db');

$flight_Number = isset($_GET['FlightNumber']);
$arrival_Status = isset($_GET['ArrivalStatus']);
$recipient_Email = isset($_GET['EmailAddress']);

$flight_Number = mysql_real_escape_string($flight_Number);
$arrival_Status = mysql_real_escape_string($arrival_Status);
$recipient_Email = mysql_real_escape_string($recipient_Email);

$results = mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus,       recipientEmail, confirmStatus)
VALUES ('', '$flight_Number','$arrival_Status', '$recipient_Email' ,'')") or die('Could not insert record:'.mysql_error());

if($results)
{
echo "Database updated with: $flight_Number $arrival_Status.";
}
mysql_close($con);
相关问题
最新问题