Incorrect MySQL syntax uploading form information into database

Time: 2011-09-22 03:44:52

Tags: php mysql forms mysql-error-1064

This is the error I am getting, and this is my code. I'm not sure what the error is, because the first line is just my error

  

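ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1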

Code:

<?php
$hostname ="localhost";
$db_user = "root";
$db_password = "";
$database = "Special_order_form";
$db_table = "FORMS";
$db = mysql_connect ($hostname, $db_user, $db_password);
mysql_select_db($database,$db);
?>
<html>

<h1><b><center>SPECIAL ORDER/BACK ORDER FORM</center></b></h1>
<body>
<?php 
if (isset($_REQUEST['Submit'])) { 
 $sql = "INSERT INTO $db_table
             (MANUFACTURER, WAREHOUSE, ORDERTYPE, SOLDTO, SHIPFROM, STOREFROM, SHIPMETH, PO, DAY, ACCNT#, CUSTPO, SHIPPINGADDY, SHIPCUSTVIA, SHIPPINGINSTR, FOB, CASHSALE) 
         values('" . mysql_real_escape_string(stripslashes($_REQUEST['MANUFACTURER'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['WAREHOUSE'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['ORDERTYPE'])) .  "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['SOLDTO'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['SHIPFROM'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['STOREFROM'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['SHIPMETH'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['PO'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['DAY'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['ACCNT#'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['CUSTPO'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['SHIPPINGADDY'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['SHIPCUSTVIA'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['SHIPPINGINSTR'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['FOB'])) . "','" . 
            mysql_real_escape_string(stripslashes($_REQUEST['CASHSALE'])) . "')";
if($result = mysql_query($sql ,$db)) { 
echo '<h1>Thank you</h1>Your information has been entered into our database<br><img    src=""'; 
} else 
{ 
echo "ERROR: ".mysql_error(); 
}
} else 
{
?>

<center>
<table border="1">

      <th>MANUFACTURER <br />
   <form method="post" action="">
     <textarea name="MANUFACTURER" cols="20" rows="3" required>
     </textarea><br>
     </th>
    <th>WAREHOUSE #
   <select option="" name="WAREHOUSE"required> 
   <option value="none" selected="selected"></option>
   <option value="1">1</option>
   <option value="2">2</option>
   <option value="3">3</option>
   <option value="4">4</option>
   <option value="5">5</option>
    <option value="6">6</option>
   <option value="7">7</option>
   <option value="8">8</option>
   </select>
    </th>
    <th>


   <form action ="">
   <select option="" name="ORDERTYPE"required>
  <option value="none" selected="selected">Select an option</option>
 <option value="Back Order">Back Order</option>
  <option value="Special Order">Special Order</option>
  <option value="Stock Request">Stock Request</option>
  </select>
 </th>


 <th>
 </th>


 <tr>
 </tr>
 <th>SOLD TO</th>
 <th>SHIP FROM FACTORY DIRECT TO:</th>
 <th>ORDER VIA:</th>
 <th>DO NOT WRITE IN THIS BOX <br /> PURCHASING USE ONLY</th>
  <tr>
 <td><form method="post" action="" required>
 <textarea name="SOLDTO" cols="20" rows="9" required>
 </textarea><br>
</td>
<td>
<center>
  <input type="radio" name="SHIPFROM" value="VIKING WAREHOUSE" required> VIKING WAREHOUSE
 <br>
 <input type="radio" name="SHIPFROM" value="AIH STORE"> AIH STORE #<form action ="" required>
  <select option="" name="FROMSTORE">
   <option value="0" selected="selected"></option>
     <option value="1">1</option>
 <option value="2">2</option>
 <option value="3">3</option>
  <option value="4">4</option>
  <option value="5">5</option>
 <option value="6">6</option>
 <option value="7">7</option>
 <option value="8">8</option>
 </select required>
 <br />
 <input type="radio" name="SHIPFROM" value="CUSTOMER (DROP SHIP)" required> CUSTOMER (DROP SHIP)
 </center>
 </td>
 <td><SELECT MULTIPLE SIZE=10 name="SHIPMETH"required>
  <OPTION VALUE="o1">Next Stock Order
 <OPTION VALUE="o2">TR Trucking
 <OPTION VALUE="o3">Fed Ex- One Day
 <OPTION VALUE="o4">Fed Ex- Second Day
 <OPTION VALUE="o5">Fed Ex- Ground
 <OPTION VALUE="o6">DHL
 <OPTION VALUE="o7">UPS Red(Overnight)
  <OPTION VALUE="o8">UPS Blue(2-Day)
 <OPTION VALUE="o9">UPS Ground
 <OPTION VALUE="o10">Other
 </SELECT></td>


 <td><center>  P.O.    
 <input type="text" name="PO">
 <br>
 DATE: 
 <input type="text" name="DAY">
 </center></td>
 </td>
 <tr>
 <td>ACCOUNT #<br />
  <form method="post" action="">
  </textarea><br><input type="text" name="ACCNT#" required>
  <br/>Customer Purchase<br/> Order # 
 <br/><input type="text" name="CUSTPO">
 </td>
 <td>SHIPPING ADDRESS: <br/>
 <form method="post" action="">
 <textarea name="SHIPPINGADDY" cols="40" rows="5">
  </textarea><br>SHIP TO CUST FROM<br/> AIH VIA 
  <input type="text" name="SHIPCUSTVIA" required>
  </td>
 <td>Special Shipping Instructions<br/><form method="post" action="">
 <textarea name="SHIPPINGINSTR" cols="20" rows="5">
 </textarea><br> 
 </td>
 <td><center>Sell FOB Point<form action="">
 <select name="FOB" required>
 <option value="none" selected="selected">Make A selection</option>
 <option value="Anchorage">Anchorage</option>
 <option value="Factory">Factory</option>
 <option value="Seattle">Seattle</option>
  <option value="Other">Other</option>
 </select>
 </center></td>
 <tr>
 <td>
 CASH SALE
 <input type="checkbox" name="CASHSALE" value="CASH SALE" /><br/>
 COLLECT 50% DEPOSIT
<td></td>
<td></td>
<td>MINIMUM SPECIAL ORDER $50.00
<br/>(Note:  EXCEPT WITH STOCK ORDER<br/> STANDARD PACK QUANTITY<br/> MUST APPLY ON ALL ORDERS)</td>
</table>
 <input type="submit" name="Submit" value="Submit"></center>
 <?php
 }
 ?>
 </form>
 </form>
 </body> 
 </html>

2 answers:

Answer 0: (score: 2)

Try putting ACCNT# in backticks, like this: `ACCNT#`. For better practice, you should enclose your table names and column names in your queries.

If you run into problems, you can also echo the $sql variable and check the query. Sometimes this helps reveal the problem.

Answer 1: (score: 0)

See the SQL reference manual here for more information about using special characters (such as #) in table names.

  

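An identifier may be quoted or unquoted. If an identifier contains special characters or is a reserved word, you must quote it whenever you refer to it. (Exception: A reserved word that follows a period in a qualified name must be an identifier, so it need not be quoted.)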

http://dev.mysql.com/doc/refman/5.1/en/identifiers.html

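Personally, I try to avoid special characters and stick to fixed conventions for table names (i.e. full words or consistent abbreviations), because I find it minimizes confusion and errors.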
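
The identifier quoting both answers describe, as an added example that is not part of the original posts: MySQL treats an unquoted # as the start of a comment, so ACCNT# only works as a column name inside backticks, and binding the values through placeholders replaces the string concatenation in the question. The function names, the sample input and the PDO connection passed to saveForm are assumptions.

```php
<?php
// Column names come from a fixed allowlist, never from the request.
const FORM_COLUMNS = ['MANUFACTURER', 'WAREHOUSE', 'ORDERTYPE', 'SOLDTO',
    'SHIPFROM', 'STOREFROM', 'SHIPMETH', 'PO', 'DAY', 'ACCNT#', 'CUSTPO',
    'SHIPPINGADDY', 'SHIPCUSTVIA', 'SHIPPINGINSTR', 'FOB', 'CASHSALE'];

// Backtick-quote a MySQL identifier; an embedded backtick is doubled.
function quoteIdentifier(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build the INSERT with quoted identifiers and one ? placeholder per column.
function buildInsert(string $table, array $columns): string
{
    $cols  = implode(', ', array_map('quoteIdentifier', $columns));
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    return 'INSERT INTO ' . quoteIdentifier($table) . " ($cols) VALUES ($marks)";
}

// Values in column order; a missing field (e.g. an unchecked box) becomes ''.
function formValues(array $input, array $columns): array
{
    return array_map(function ($c) use ($input) {
        $v = $input[$c] ?? '';
        return is_array($v) ? implode(',', $v) : (string) $v;
    }, $columns);
}

// Hypothetical entry point: $pdo is a PDO MySQL connection opened elsewhere.
function saveForm(PDO $pdo, array $input): void
{
    $stmt = $pdo->prepare(buildInsert('FORMS', FORM_COLUMNS));
    $stmt->execute(formValues($input, FORM_COLUMNS));
}

// Constructed sample input; echoing the statement is the check from answer 0.
$sample = ['MANUFACTURER' => "O'Brien Tools", 'WAREHOUSE' => '3', 'ACCNT#' => '10442'];
echo buildInsert('FORMS', FORM_COLUMNS), PHP_EOL;
print_r(formValues($sample, FORM_COLUMNS));
```

The echoed statement shows `ACCNT#` in backticks in the column list, and the apostrophe in the sample value never reaches the SQL text because it is sent as a bound parameter.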