PHP SQL - 插入表格

Question

我有一個問題親愛的stackoverflowers，有人可以幫我嗎？

這是我的代碼：

<?php 
    $host = "localhost"; 
    $user = "root"; 
    $pass = "password"; 
    $db = "hotelcalifornia"; 

    $room_Number  = ($_POST['Room_Number']); 
    $room_Category = ($_POST['Room_Category']); 
    $room_Description = ($_POST['Room_Description']); 
    $room_Detail  = ($_POST['Room_Detail']); 

    $conn = mysql_connect($host, $user, $pass); 
    $db = mysql_select_db($db, $conn); 

    mysql_select_db($db, $conn); 

    $sql = "INSERT TO room (roomNumber, roomCategory, roomDescription,roomDetail) VALUES ('$room_Number','$room_Category', '$room_Description','$room_Detail')"; 

    mysql_query($sql, $conn);   

?> 

誰能告訴我爲什麼我不能在這個數據庫中的數據插入到我的表？

Answer 1

這不是INSERT TO，它是INSERT INTO。因此，您不應該使用mysql函數，而應該使用mysqli函數，因爲您的代碼容易受到SQL注入的影響。

$host = "localhost"; 
$user = "root"; 
$pass = "password"; 
$db = "hotelcalifornia"; 

$conn = new mysqli($host, $user, $pass, $db); 

$room_Number  = $_POST['Room_Number']; 
$room_Category = $_POST['Room_Category']; 
$room_Description = $_POST['Room_Description']; 
$room_Detail  = $_POST['Room_Detail']; 

$sql = "INSERT INTO room (roomNumber, roomCategory, roomDescription,roomDetail) VALUES (?,?,?,?)"; 
$stmt = $conn->prepare($sql); 
$stmt->bind_param('iiss', $room_Number, $room_Category, $room_Description, $room_Detail); 
if ($stmt->execute()) { 
    if($stmt->affected_rows > 0){ 
     echo "New record created successfully"; 
    } 
} else { 
    echo "Error: " . $sql . "<br>" . $stmt->error; 
} 
$stmt->close(); 

在這幾行$stmt->bind_param('iiss', $room_Number, $room_Category, $room_Description, $room_Detail);i對應於其中s由變量，我假設$room_Number和$room_Category是整數值，其中$room_Description和$room_Detail是字符串值的順序對應於字符串中的整數。