執行INSERT查詢時「錯誤：'字段列表'中的錯誤：未知列'Connor'

Question

以下是根據用戶在表單中輸入的內容註冊用戶的函數。

function register($firstname, $lastname , $email, $password, $password2){ 
     // check if the first password is allowed 
     if(!checkLogin($email, $password)){ 
     echo "checklogin failed"; 
     return false; 
    } 

     // check if two passwords are equal 
    if(strcmp($password, $password2) != 0){ 
     echo "passwords rent the same"; 
     return false; 
    } 

    // explode the email into two pieces 
    $email = explode('@' , $email); 
    echo "" . $email[0] . " and " . $email[1] . ""; 
    $insertemail = "$email[0]-" . "$email[1]"; 
    echo "" . $insertemail . ""; 

    // connect to database and insert values 
    require("db.inc.php"); 
    $query = "INSERT into users set 
     firstname = ".mysqli_real_escape_string($link, $firstname) ." , 
     lastname = ".mysqli_real_escape_string($link, $lastname) ." , 
     email = ".mysqli_real_escape_string($link, $insertemail) ." , 
     password = ".mysqli_real_escape_string($link, $password) ." "; 
    $result = mysqli_query($link, $query) 
      or die("Error: " . mysqli_error($link)); 
    // check the query worked 
    if(!result){ 
     return false; 
    } 

    return true; 

} 

我不確定這是否有幫助，但'Connor'值是我輸入到表單中的值，並存儲在$ firstname中。

Answer 1

您需要包圍你的SQL查詢與報價文本值，更何況你的INSERT語法是有點過：

$query = "INSERT INTO users (firstname, lastname, email, password) VALUES 
      ( 
       '" . mysqli_real_escape_string($link, $firstname) . "' , 
       '" . mysqli_real_escape_string($link, $lastname) . "' , 
       '" . mysqli_real_escape_string($link, $insertemail) . "' , 
       '" . mysqli_real_escape_string($link, $password) . "' 
      ) ";