我试图将表单数据插入数据库中的表之一.要插入的数据是名称,电子邮件,当前日期和用户兴趣.
这是代码.
if (isset($_POST['name'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$intrests = $_POST['intrests'];
$default_intrests = array("mob","pcs","scm","oth");
$interests = "";
if (count($intrests) == 0) {
$interests = implode(",", $default_intrests);
}
else {
$interests = implode(",", $intrests);
}
$sqll="insert into subscriptions (name,email,subdate,intrests) values ($name,$email,CURRENT_DATE, $interests)";
$insert = mysqli_query($link, $sqll);
if (!$insert) {
echo mysqli_error($link);
}
}
在提交表单时,显示以下错误:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘dsa,asdf@qwer.com,CURRENT_DATE, mob)’ at line 1
解决方法:
将’添加到值,因为其中一些是字符串
$sqll="insert into subscriptions (name,email,subdate,intrests)
values ('$name','$email',CURRENT_DATE, '$interests')";
实际上,直接将参数写入sql是一个不好的主意,最好使用prepared-statements来执行,避免使用SQL Injection
标签:mysqli,mariadb,sql,mysql,php
来源: https://codeday.me/bug/20191108/2010042.html
151
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
