1. 首頁
  2. 問答
  3. PHP&MYSQL - 無法在數據庫中插入數據

PHP&MYSQL - 無法在數據庫中插入數據

2013-02-03 63 views
0

II創建了插入新公司的表單,並且在該頁面上,它是將數據插入數據庫的PHP腳本。PHP&MYSQL - 無法在數據庫中插入數據

我不知道這個代碼中的錯誤在哪裏。

<?php 
if (isset($_POST['submit'])) 
{ 
    // Form has been submitted. 
    $query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2, 
    position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email) 
    VALUES ('{$_POST['name']}', '{$_POST['domain']}', '{$_POST['subdomain1']}', 
    '{$_POST['subdomain2']}', '{$_POST['position']}', '{$_POST['country']}', '{$_POST['city']}', 
    '{$_POST['district']}', '{$_POST['contact']}', '{$_POST['setdate']}', '{$_POST['address']}', '{$_POST['phone']}', 
    '{$_POST['areacode']}, '{$_POST['website']}', '{$_POST['fax']}', '{$_POST['email']}')"); 

    $result = mysql_query($query, $connection); 
    if (!$result) { 
     echo "The company was not created."; 
    } else { 
     echo "The company was successfully created."; 
    } 
} 
?>

來源

2013-02-03 user2036948

+0

你得到什麼錯誤? – Orangecrush

回答

2

重寫代碼並從變量那些{}

VALUES ('$_POST['name']','$_POST['domain']', '$_POST['subdomain1']',...

1,一定要逃避他們,你將其發送給數據庫之前。

2,不要用mysql,使用PDO或mysqli的

逃脫他們做這樣的:

$name = mysql_real_escape_string($_POST['name']) ;

,然後將它傳遞給UR查詢像

VALUES ('$name', .... <-- same with other columns

編輯 -

試試這個

if (isset($_POST['submit'])) { // Form has been submitted. 

    $name = mysql_real_escape_string($_POST['name']) ; 
    $subdomain0 = mysql_real_escape_string($_POST['subdomain0']) ; 
    $subdomain1 = mysql_real_escape_string($_POST['subdomain1']) ; 
    $subdomain2 = mysql_real_escape_string($_POST['subdomain2']) ; 
    $position = mysql_real_escape_string($_POST['position']) ; 
    $country = mysql_real_escape_string($_POST['country']) ; 
    $city = mysql_real_escape_string($_POST['city']) ; 
    $district = mysql_real_escape_string($_POST['district']) ; 
    $contact = mysql_real_escape_string($_POST['contact']) ; 
    $set_up_date = mysql_real_escape_string($_POST['setdate']) ; 
    $address = mysql_real_escape_string($_POST['address']) ; 
    $phone = mysql_real_escape_string($_POST['phone']) ; 
    $areacode = mysql_real_escape_string($_POST['areacode']) ; 
    $website = mysql_real_escape_string($_POST['website']) ; 
    $fax = mysql_real_escape_string($_POST['fax']) ; 
    $email = mysql_real_escape_string($_POST['email']) ; 

$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2, 
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email) 
    VALUES ('$_POST['name']', '$subdomain0', '$subdomain1', 
    '$subdomain2', '$position', '$country', '$city', 
    '$district', '$contact', '$set_up_date', '$address', '$phone', 
    '$areacode, '$website', '$fax', '$email')"); 

     echo "The company was successfully created."; 
    else { 
     echo "The company was not created."; 

    } 
    } 
    ?>

來源

2013-02-03 11:06:23

0 
INSERT INTO companies 
SET name = $name, 
    subdomain0 = $domain, 
    subdomain1 = $doamin1

來源

2013-02-03 11:11:37 Shushant

0

你必須要小心sql injections。你可以通過鏈接瞭解mysql_ *函數的其他選項,因爲它已被棄用。

還總是會嘗試通過使用mysql_error函數來打印出錯誤來找出錯誤。 (檢查鏈接的替代品,因爲這也是越來越廢棄)

來源

2013-02-03 11:14:51 nTony

相關問題

 相關問題