1. 首頁
  2. 問答
  3. 插入formfields到SQL - 錯誤

插入formfields到SQL - 錯誤

2015-12-30 93 views
0

嗨,所以我有一個表單有10個字段,我試圖通過發佈他們在PHP頁面上插入他們的SQL數據庫。連接啓動正常,但它返回的錯誤如下:插入formfields到SQL - 錯誤

Error: INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES (, , , , , , , , ,) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , , ,)' at line 1

include_once 'connect.php'; 
// Create connection 
$conn = new mysqli(HOST, USER, PASSWORD, DATABASE); 
// Check connection 
if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
} 

$name = $_POST['name']; 
$teacher = $_POST['teacher']; 
$description = $_POST['description']; 
$class = $_POST['class']; 
$dayone = $_POST['dayone']; 
$daytwo = $_POST['daytwo']; 
$daythree = $_POST['daythree']; 
$std1 = $_POST['std1']; 
$std2 = $_POST['std2']; 
$std3 = $_POST['std3']; 

$sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ($name, $teacher, $description, $class, $dayone, $daytwo, $daythree, $std1, $std2, $std3)"; 

if ($conn->query($sql) === TRUE) { 
    echo "New record created successfully"; 
} else { 
    echo "Error: " . $sql . "<br>" . $conn->error; 
} 

$conn->close();

我還要提到的是,數據庫表有一個多場名爲ID類型爲int(11),這是AUTO_INCREMENT,我希望它是自動每次插入新行時都會填充。我錯了嗎?

編輯:添加HTML代碼,因爲它已被要求

<form name="registration_form" method="post" class="clearfix" action="create.php"> 
    <div class="form-group"> 
     <label for="name">NAME</label> 
     <input type="text" class="form-control" id="name" placeholder="Course Name"> 
    </div> 
    <div class="form-group"> 
     <label for="teacher">Teacher</label> 
     <input type="text" class="form-control" id="teacher" placeholder="Teacher's Name"> 
    </div> 
    <div class="form-group"> 
     <label for="description">Description</label> 
     <textarea class="form-control" id="description" placeholder="Description"></textarea> 
    </div> 
    <div class="form-group"> 
     <label for="class">Class</label> 
     <input type="text" class="form-control" id="class" placeholder="Class Name"> 
    </div> 
    <div class="form-group"> 
     <label for="dayone">Day one</label> 
     <input type="text" class="form-control" id="dayone" placeholder="Day One"> 
    </div> 
    <div class="form-group"> 
     <label for="daytwo">Day two</label> 
     <input type="text" class="form-control" id="daytwo" placeholder="Day Two"> 
    </div> 
    <div class="form-group"> 
     <label for="daythree">Day three</label> 
     <input type="text" class="form-control" id="daythree" placeholder="Day Three"> 
    </div> 
    <div class="form-group"> 
     <label for="std1">std1</label> 
     <input type="text" class="form-control" id="std1" placeholder="std1"> 
    </div> 
    <div class="form-group"> 
     <label for="std2">std2</label> 
     <input type="text" class="form-control" id="std2" placeholder="std2"> 
    </div> 
    <div class="form-group"> 
     <label for="std1">std3</label> 
     <input type="text" class="form-control" id="std3" placeholder="std3"> 
    </div> 
    <div class="checkbox"> 
     <label> 
      <input type="checkbox">I Understand <a href="#">Terms & Conditions</a> 
     </label> 
    </div> 
    <button type="submit" class="btn pull-right">Create Course</button> 
</form>

來源

2015-12-30 George Chareas

+0

你確定你的字段不是空的嗎?什麼是'var_dump($ _ POST);'?此外,這是非常糟糕的,你應該看看[我怎樣才能防止SQL注入在PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection- in-php?rq = 1) – FirstOne

+0

@FirstOne是兄弟 - 「MySQL返回了一個空結果集(即零行)(查詢花了0.0001秒)」那是什麼「SELECT * FROM'courses'」返回 –

+0

你是對的,id字段不需要處理,因爲它會自動增加。爲了進一步提供幫助,我們需要了解如何設置HTML表單以查看問題的出處 – bhooks

回答

0

這應該可以幫助您確定問題是否未收到POST變量。

還有一點安全性。

// create an array of all possible input values 
$input_array = array('name', 'teacher', 'description', 'class', 'dayone', 'daytwo', 'daythree', 'std1', 'std2', 'std3'); 

// create an input array to put any received data into for input to the database 
$input_array = array(); 

include_once 'connect.php'; 
    // Create connection 
    $conn = new mysqli(HOST, USER, PASSWORD, DATABASE); 
    // Check connection 
    if ($conn->connect_error) { 
     die("Connection failed: " . $conn->connect_error); 
    } 


    // loop through the possible input values to check that a post variable has been received for each.. if received escape the data ready for input to the database 
    foreach($input_array as $key => $value) 
    { 
    if(!isset($_POST[$value])) { 
    die("no {$value} post variables received"); 
    } 
    $input_array[$value] = mysqli_real_escape_string($conn, $_POST[$value]); 
    } 


    $sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('{$input_array['name']}', '{$input_array['teacher']}', '{$input_array['description']}', '{$input_array['class']}', '{$input_array['dayone']}', '{$input_array['daytwo']}', '{$input_array['daythree']}', '{$input_array['std1']}', '{$input_array['std2']}', '{$input_array['std3']}')"; 

    if ($conn->query($sql) === TRUE) { 
     echo "New record created successfully"; 
    } else { 
     echo "Error: " . $sql . "<br>" . $conn->error; 
    } 

    $conn->close();

來源

2015-12-30 16:17:04

-1

嘗試:

$sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('".$name."', '".$teacher."', '".$description."', '".$class."', '".$dayone."', '".$daytwo."', '".$daythree."', '".$std1."', '".$std2."', '".$std3."')";

此外,使用:

$name = $conn->real_escape_string($_POST['name']); 
//etc

同時添加名稱到您的窗體字段:

<input name="class" type="text" class="form-control" id="class" placeholder="Class Name">

來源

2015-12-30 16:04:30 NOJ75

+0

謝謝 - 成功的消息已經返回,真的謝謝你,請問我可以向我解釋,因爲我是新手爲什麼要使用''。之前和之後的值? –

+0

非常歡迎。我不是專業人士,但我認爲這是因爲變量需要變成字符串。就像我說的,我不是專業人士,但我過去曾經遇到過這個問題,但是通過試驗和錯誤計算出來:) – NOJ75

+0

太棒了:)非常感謝你! –

相關問題

 相關問題