1. 首頁
  2. 問答
  3. 我的價值沒有被插入到數據庫使用這個命令

我的價值沒有被插入到數據庫使用這個命令

2017-07-04 66 views
-2 
$sql="INSERT INTO prescription 
     (username,phone,procedure,address,emailid,reviews,followups,nextappointment) 
     VALUES 
     ("$username","$phone","$procedure","$address","$emailid","$reviews",$followups,"$nextappointment")";

來源

2017-07-04 yash

+0

這裏空白條目在db? –

+0

您需要轉義SQL查詢中的雙引號 –

+1

**不要**直接將變量插入到像這樣的SQL查詢中;您必須首先使用['mysqli_real_escape_string'](https://secure.php.net/manual/en/mysqli.real-escape-string.php)進行轉義,或者使用[預先準備的語句](https:// secure.php.net/manual/en/mysqli.quickstart.prepared-statements.php)(否則你的代碼是[致命的不安全](https://secure.php.net/manual/en/security.database.sql- injection.php))。 – Frxstrem

回答

-1

你應該改變「」是否知道應該改變單引號''。

例如下面:

$sql = 'INSERT INTO prescription(username,phone,procedure,address,emailid,reviews,followups,nextappointment) 
    VALUES("$username","$phone","$procedure","$address","$emailid","$reviews",$followups,"$nextappointment")';

希望它會幫助你

來源

2017-07-04 09:18:45

-1

你的引號是錯誤的, 使用值單引號( ''), 你對你的IDE得到錯誤。或者如果您只是複製並在數據庫上運行。

$sql = "INSERT INTO prescription(username,phone,procedure,address,emailid,reviews,followups,nextappointment)VALUES('$usernam','$phone','$procedure','$address','$emailid','$reviews','$followups','$nextappointment')";

來源

2017-07-04 09:23:11

+0

它顯示錯誤 – yash

+0

基本上插入命令 – yash

+0

mysql語法錯誤 – yash

-1

檢查您插入INTO查詢:

$sql = "INSERT INTO prescription (username,phone,procedure,address,emailid,reviews,followups,nextappointment) 
           VALUES('$username','$phone','$procedure','$address','$emailid','$reviews',$followups,'$nextappointment')";

注:檢查:https://www.w3schools.com/sql/sql_insert.asp

來源

2017-07-04 09:24:18

2

我想我你的問題s在引號中,你在雙引號內有雙引號,你應該避開引號或使用單引號。

簡單而簡單的事情就是使用準備好的語句。

我不知道您在使用該API PDO/MSQLI

,如果你在PDO:

<?php 

$sql =$databaseConnectionVar->prepare("INSERT INTO prescription(username,phone,procedure,address,emailid,reviews,followups,nextappointment)VALUES(?,?,?,?,?,?,?,?)") 
     ->execute(array($username,$phone,$procedure,$address,$emailid,$reviews,$followups,$nextappointment)); 

if(!$sql){ 

    print_r($databaseConnectionVar->errorInfo()); 
}else{ 

    echo "data inserted"; 
} 
?>

,如果你是mysqli的,則:

<?php 

$sql =$databaseConnectionVar->prepare("INSERT INTO prescription(username,phone,procedure,address,emailid,reviews,followups,nextappointment)VALUES(?,?,?,?,?,?,?,?)"); 
$sql->bind_Param("ssssssss",$username,$phone,$procedure,$address,$emailid,$reviews,$followups,$nextappointment); 

if($sql->execute()){ 

    echo "data inserted"; 
}else{ 

    echo "Error : ". $databaseConnectionVar->error; 
} 
?>

那麼重要環節你需要看看:

  1. How to get mysqli error in different environments?

  2. When to use single quotes, double quotes, and backticks in MySQL

  3. When should I use prepared statements?
  4. Prepared Statements

希望這將指向你在正確的道路。

來源

2017-07-04 09:24:58

相關問題

 相關問題