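MySQL syntax error while trying to upload information to a database using a form

I made a recipe website for my PHP class. The only thing I can't figure out is how to let users add their own recipes. I created a form, but when I click the submit button, I get this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'servings', 'image')VALUES (NULL, 'Oatmeal Pancakes II', 'I made this for my kids', at line 1". I would appreciate any help! Thanks!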
<?php
// make a note of the current working directory relative to root.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
// make a note of the location of the upload handler
$uploadHandler = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.processor.php';
// set a max file size for the html upload form
$max_file_size = 30000; // size in bytes
?>
<?php
//include functions
require_once('includes/functions.php'); ?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Add a Recipe</title>
<link href="Images/style.css" rel="stylesheet" type="text/css">
</head>
<?php
$name = isset($_POST['name']) ? $_POST['name'] : '';
$description = isset($_POST['description']) ? $_POST['description'] : '';
$ingredients = isset($_POST['ingredients']) ? $_POST['ingredients'] : '';
$preparation = isset($_POST['preparation']) ? $_POST['preparation'] : '';
$category_id = isset($_POST['category_id']) ? $_POST['category_id'] : '';
$servings = isset($_POST['servings']) ? $_POST['servings'] : '';
$image = isset($_POST['image']) ? $_POST['image'] : '';
//connect to database
require_once('includes/mysqli_connect_recipe.php');
//if submit button clicked
if(isset($_POST['submit'])){
$valid = true;
// require name, description, ingredients and preparation with at least 2 characters
if(strlen($name) < 2){
$valid = false;
echo "Please provide a valid recipe name.<br>";
}
if(strlen($description) < 2){
$valid = false;
echo "Please provide a valid description.<br>";
}
if(strlen($ingredients) < 10){
$valid = false;
echo "Please provide valid ingredients.<br>";
}
if(strlen($preparation) < 10){
$valid = false;
echo "Please provide valid instructions.<br>";
}
//sanitize servings
$servings = intval($servings); //force $servings to be a number (0 if a string is entered)
// sanitize against SQL injections (do this for every field that's coming from the form)
$name = mysqli_real_escape_string($dbc, $name);
$description = mysqli_real_escape_string($dbc, $description);
$ingredients = mysqli_real_escape_string($dbc, $ingredients);
$preparation = mysqli_real_escape_string($dbc, $preparation);
// sanitize against XSS attacks - DO THIS TO ALL FIELDS
$description = strip_tags($description);
$name = strip_tags($name);
$ingredients = strip_tags($ingredients);
$preparation = htmlspecialchars($preparation);
if($valid){
// insert SQL
$insert = "INSERT INTO `sburg5`.`recipes` (`recipe_id`, `name`, `description`, `ingredients`, `preparation`, `category_id`, 'servings', 'image')VALUES (NULL, '$name', '$description', '$ingredients', '$category_id', '$servings', '$image');";
// execute insert query
$result = mysqli_query($dbc, $insert) or die(mysqli_error($dbc));
echo "Thank you for submitting a recipe!";
// output recipe
while($row = mysqli_fetch_array($result)){
echo "<h3>{$row['name']}</h3>
<p><img src=\"data:image/jpeg;base64,' . base64_encode{$row['image']} . '\"></p>
<p>" . $row['description'] . "</p>
<p>" . nl2br($row['ingredients']) . "</p>
<a href=\"addarecipe_edit.php?recipe_id={$row['recipe_id']}\">[edit]</a>
<a href=\"addarecipe_delete.php?recipe_id={$row['recipe_id']}\">[delete]</a>
<hr>";
}
}
}
?>
<form id="Upload" action="<?php echo $uploadHandler ?>" enctype="multipart/form-data" method="post">
<p>
<label for="name">Recipe Name:</label>
<input type="text" name="name" id="name" >
</p>
<p>
<label for="servings">Servings:</label>
<input type="text" cols="50" name="servings" id="servings">
</p>
<p>
<label for="description">Description:</label>
<textarea rows="4" cols="50" name="description" id="description"></textarea>
</p>
<p>
<label>Type of Recipe:
<input type="radio" name="category_id" value="1" id="category_0" >Main Entree</label>
<label>
<input type="radio" name="category_id" value="2" id="category_1">Appetizer</label>
<label>
<input type="radio" name="category_id" value="3" id="category_2" >Side Dish</label>
<label>
<input type="radio" name="category_id" value="4" id="category_3" >Dessert</label>
</p>
<p>
<label for="ingredients">Ingredients:</label>
<textarea rows="10" cols="50" name="ingredients" id="ingredients" placeholder="Separate each ingredient with a return."></textarea>
</p>
<p>
<label for="preparation">Preparation:</label>
<textarea rows="10" cols="50" name="preparation" id="preparation"></textarea>
</p>
<p>
<input name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>" type="hidden">
<label for="file">File to upload:</label>
<input id="file" type="file" name="file">
<p class="submit">
<input type="submit" name="submit" value="Upload me!">
</form>
</p>
<?php
// close connection to database
mysqli_close($dbc); ?>
Use backticks ` around identifiers instead of ' (or none at all, if they aren't reserved words). – Wrikken
Why are you inserting 'NULL' into 'recipe_id'? – karthikr
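
The quoting fix from the first comment, carried through as an added example (not the asker's code): identifiers go in backticks, each listed column gets exactly one placeholder (the question's statement lists eight columns but supplies seven values), and every form value is sent as a bound parameter instead of being spliced into the SQL string. `insert_recipe()` and `h()` are hypothetical helper names; an auto-increment `recipe_id` and an open `$dbc` connection from the question's include file are assumed.

```php
<?php
// Added example. Assumes the columns named in the question's INSERT and an
// open mysqli connection ($dbc) such as the one the question's include creates.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function insert_recipe(mysqli $dbc, array $post): int // hypothetical helper
{
    // Normalise input: text fields trimmed, numeric fields cast to int.
    $name        = trim((string)($post['name'] ?? ''));
    $description = trim((string)($post['description'] ?? ''));
    $ingredients = trim((string)($post['ingredients'] ?? ''));
    $preparation = trim((string)($post['preparation'] ?? ''));
    $category_id = (int)($post['category_id'] ?? 0);
    $servings    = (int)($post['servings'] ?? 0);
    $image       = (string)($post['image'] ?? '');

    // Same length rules as the question's form handler.
    if (strlen($name) < 2 || strlen($description) < 2
        || strlen($ingredients) < 10 || strlen($preparation) < 10) {
        throw new InvalidArgumentException('Recipe fields are too short.');
    }
    // The form only offers category values 1 to 4.
    if ($category_id < 1 || $category_id > 4) {
        throw new InvalidArgumentException('Unknown category.');
    }

    // Backticks around identifiers, never single quotes. recipe_id is left
    // out so AUTO_INCREMENT (assumed) fills it: seven columns, seven markers.
    $sql = 'INSERT INTO `sburg5`.`recipes`
              (`name`, `description`, `ingredients`, `preparation`,
               `category_id`, `servings`, `image`)
            VALUES (?, ?, ?, ?, ?, ?, ?)';

    $stmt = mysqli_prepare($dbc, $sql);
    // s = string, i = integer. Values travel separately from the SQL text,
    // so mysqli_real_escape_string() is not needed for any field.
    mysqli_stmt_bind_param($stmt, 'ssssiis', $name, $description,
        $ingredients, $preparation, $category_id, $servings, $image);
    mysqli_stmt_execute($stmt);
    $id = (int) mysqli_insert_id($dbc);
    mysqli_stmt_close($stmt);
    return $id;
}

// Output side: store the text as entered and escape it when rendering.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
```

With bound parameters the unescaped `$category_id` and `$image` values in the question's query no longer reach the SQL parser as code, and calling `h()` at render time replaces the `strip_tags()` and `htmlspecialchars()` calls made before the insert.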