SQL插入不起作用

Question

爲什麼不這麼簡單的插入工作？沒有插入的唯一價值是$ streamName中，如果我刪除代碼值，則一切正常，下面的代碼：

$userId= $_SESSION['kt_login_id']; 
$streamName= $_GET['streamName']; 
$streamDuration= $_GET['streamDuration']; 
$recorderId= $_GET['recorderId']; 

$con = mysql_connect("localhost","wwwmeety_staff","xxxxxx"); 
if (!$con) 
    { 
    die('Could not connect: ' . mysql_error()); 
    } 

mysql_select_db("wwwmeety_ourstaff", $con); 

mysql_query("INSERT INTO recordedvideos (user_id, streamName, record_duration, recorder_id) 
VALUES ($userId, $streamName, $streamDuration, $recorderId)"); 


mysql_close($con); 

和MySQL出口

CREATE TABLE IF NOT EXISTS `recordedvideos` (
    `record_id` int(11) NOT NULL AUTO_INCREMENT, 
    `user_id` int(11) DEFAULT NULL, 
    `streamName` text, 
    `record_duration` text, 
    `recorder_id` text, 
    PRIMARY KEY (`record_id`) 
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; 

Answer 1

你忘了引號的字符串。

mysql_query(
     "INSERT INTO recordedvideos 
     (user_id, streamName, record_duration, recorder_id) VALUES 
     ($userId, '$streamName', '$streamDuration', '$recorderId')" 
      ); 

但是爲了避免SQL注入，優選這種方法：http://php.net/manual/en/function.mysql-query.php

$query = sprintf("INSERT INTO recordedvideos 
    (user_id, streamName, record_duration, recorder_id) VALUES 
    ($userId, '%s', '%s', '%s')", 
    mysql_real_escape_string($streamName), 
    mysql_real_escape_string($streamDuration), 
    mysql_real_escape_string($recorderId) 
); 

mysql_query($query); 

Answer 2

的mysql_query（「INSERT INTO recordedvideos（USER_ID，streamName中，record_duration，recorder_id） VALUES（$用戶id， '$ streamName中' ，'$ streamDuration'，'$ recorderId'）「）;

將單引號放在字符串類型值周圍。

Answer 3

你必須enclose string fields with single quotes

INSERT INTO recordedvideos (user_id, streamName, record_duration, recorder_id) 
VALUES ($userId, '$streamName', '$streamDuration', '$recorderId')