PHP創建再插入數據錯誤

Question

我插入到數據庫時遇到錯誤，這裏是我使用

class DB_Functions 
{ 

private $db; 

//put your code here 
// constructor 
function __construct() { 
    require_once 'DB_Connect.php'; 
    // connecting to database 
    $this->db = new DB_Connect(); 
    $this->db->connect(); 
} 

// destructor 
function __destruct() { 

} 

/** 
* Storing new user 
* returns user details 
*/ 
public function storeUnit($email, $unit, $maint, $attent, $done) { 
    $con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die (mysql_error()); 
    mysql_select_db(DB_DATABASE, $con); 
    $var = mysql_query('select 1 from `table_name`'); 
    if ($var !== FALSE){ 
     $format = 'Y-m-d G:i:s'; 
     $date = date($format); 
     mysql_query("CREATE TABLE '$email'(Col1 VARCHAR, Col2 VARCHAR,Col3 VARCHAR, Col4 VARCHAR, Col5 VARCHAR),$con"); 
     $result = mysql_query("INSERT INTO '$email'(Col1, Col2 ,Col3 , Col4 , Col5) VALUES('$unit', '$done', '$attent', '$maint', '$date')"); 
    } else { 
     $result = mysql_query("INSERT INTO '$email'(Col1, Col2 ,Col3 , Col4 , Col5) VALUES('$var2', '$var3', '$var4', '$var5', '$date')"); 
    } 

    // check for successful store 
    if ($result) { 
     // get unit details 
     $uid = mysql_insert_id(); // last inserted id 
     $result = mysql_query("SELECT * FROM users WHERE Col1 = $var2"); 
     // return unit details 
     return mysql_fetch_array($result); 
    } else { 
     return false; 
    } 
} 

Answer 1

錯誤的代碼在這裏

mysql_query("CREATE TABLE '$email'(Col1 VARCHAR, Col2 VARCHAR,Col3 VARCHAR, 
       Col4 VARCHAR, Col5 VARCHAR),$con"); 
              ^this one 

變量$con不應該被包含在字符串上

mysql_query("CREATE TABLE '$email'(Col1 VARCHAR, Col2 VARCHAR,Col3 VARCHAR, 
       Col4 VARCHAR, Col5 VARCHAR)",$con); 

另一件事是你創建一個數據類型爲i的列s varchar但您沒有指定其容量。它應該是

CREATE TABLE '$email'(Col1 VARCHAR(50), .... 

附加信息有關從SQL INJECTION預防：

Best way to prevent SQL injection in PHP