0
當日期需要插入到mysql表,它提示這個錯誤 -PHP MYSQL插入日期語法
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','2013-09-11','1', NULL)' at line 2
這是我的源代碼:
if(isset($_POST['submitsub']))
{
$stuid = $_POST['stuid'];
$stuname = $_POST['stuname'];
$stuemail = $_POST['stuemail'];
$stumajor = $_POST['stumajor'];
$appdate = date("Y-m-d");
$appointment = $_POST['date'];
$subno = $_POST['subject'];
$appstatus = 1;
$tri = mysqli_fetch_assoc(mysqli_query($con,"SELECT this_tri FROM trimester"));
$sql = "INSERT INTO application_subject (app_no, tri_id, sub_id, stu_id, stu_name, stu_email, stu_major, app_date, appointment_date, app_status, app_remark)
VALUES (NULL,'$tri[this_tri]','$subno','$stuid','$stuname','$stuemail','$stumajor',$appdate','$appointment','$appstatus', NULL)";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo'<script>alert("Your application has been submited") </script>';
ob_flush();
}
在我的MySQL,的屬性已經設定爲日期。
一方面,您在'$ appdate''之前缺少一個報價。另一方面 - 你使用的是mysqli,那麼你爲什麼不使用準備好的語句? – andrewsi
您對sql注入攻擊很有信心,可以考慮使用參數化查詢或至少在您的輸入上調用mysqli_real_escape_string。 – Orangepill