1. 首頁
  2. 問答
  3. 爲什麼我想出一個語法錯誤?

爲什麼我想出一個語法錯誤?

2017-06-11 65 views
-1

我想通過一個HTML頁面的職員添加到我的數據庫,但它一直想出這個錯誤爲什麼我想出一個語法錯誤?

Query error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '', 'password4')' at line 1

這裏是我的HTML代碼

<form method="post" action="add_staff.php"> 
 
     
 
     <p>Staff Identification Number (SID):</p><input type="text" name="sid" required><br> 
 
     
 
     <p>First Name:</p><input type="text" name="sfirstname" required><br> 
 
     
 
     <p>Last Name:</p><input type="text" name="slastname" required><br> 
 
     
 
     <p>Phone:</p><input type="tel" name="phone" required><br> 
 
     
 
\t \t <p>Email:</p><input type="email" name="semail"><br> 
 
     
 
     <p>User Priveledge Number:</p><input type="text" name="privledgeno" required><br> 
 
     
 
     <p>Username:</p><input type="text" name="username"><br> 
 
     
 
     <p>Password:</p><input type="text" name="password"><br> 
 
     
 
     <br><br> 
 
     
 
     <input id ="input_submit" type="submit" value="Submit"> 
 
     <input id ="input_reset" type="reset"> 
 
    </form> 
 


And this is my php code 
<?php 
// MySQL Database Connect 
require_once("connection.php"); 

// Read the values from the form 
$SID =$_POST['sid']; 
$S_Firstname = $_POST['sfirstname']; 
$S_Lastname = $_POST['slastname']; 
$S_Phone = $_POST['phone']; 
$S_Email = $_POST['semail']; 
$User_privledge_no = $_POST['privledgeno']; 
$S_Username = $_POST['username']; 
$S_Password = $_POST['password']; 

// escape variables for security 
$S_Firstname = mysqli_real_escape_string($conn, $S_Firstname); 
$S_Lastname = mysqli_real_escape_string($conn, $S_Lastname); 
$S_Phone = mysqli_real_escape_string($conn, $S_Phone); 
$S_Email = mysqli_real_escape_string($conn, $S_Email); 
$User_privledge_no = mysqli_real_escape_string($conn,$User_privledge_no); 
$S_Username = mysqli_real_escape_string($conn, $S_Username); 
$S_Password = mysqli_real_escape_string($conn, $S_Password); 

// create the INSERT query 
$query="INSERT INTO staff (SID, S_Firstname, S_Lastname, S_Phone, S_Email, User_privledge_no, S_Username, S_Password) VALUES  ('$SID','$S_Firstname', '$S_Lastname','$S_Phone', '$S_Email', '$User_privledge_no', $S_Username', '$S_Password')"; 
$results = mysqli_query($conn, $query); 
if(!$results) { 
echo ("Query error: " . mysqli_error($conn)); 
exit; 
} 
else { 
// Redirect the browser window back to the add customer page 
header("location: ../add_cust.html"); 
} 
?>

謝謝

來源

2017-06-11 Taylor

+0

請參閱有關parametrised查詢 – Strawberry

回答

1

因爲您在$S_Username之前忘了單引號。更改$query

$query="INSERT INTO staff (SID, S_Firstname, S_Lastname, S_Phone, S_Email, 
User_privledge_no, S_Username, S_Password) VALUES  ('$SID','$S_Firstname', 
'$S_Lastname','$S_Phone', '$S_Email', '$User_privledge_no', '$S_Username', 
'$S_Password')";

來源

2017-06-11 06:55:09

+0

哦,我的天哪太感謝你了,我一直在這個整天和無法弄清楚,爲什麼它不工作。我知道這很簡單。再次感謝! – Taylor

1

有時我們忘記任何語法和某個時候花太多時間來解決這個問題。有時我們應該使用一些技巧來防止這種錯誤,這裏我用來防止。

$array = [ 
      "SID" => $SID, 
      "S_Firstname" => $S_Firstname, 
      "S_Lastname" => $S_Lastname, 
      "S_Phone" => $S_Phone, 
      "S_Email" => $S_Email, 
      "User_privledge_no" => $User_privledge_no, 
      "S_Username" => $S_Username, 
      "S_Password" => $S_Password, 
     ]; 

$colums = implode('`, `', array_keys($array)); // columns 
$data = implode("', '", $array); // data 
$sql "INSERT INTO staff (`".$colums."`) VALUES ('".$data."')"; // you can do inline code too

來源

2017-06-11 07:20:44

相關問題

 相關問題