【问题标题】:Insert formfields to SQL - Error将表单域插入 SQL - 错误
【发布时间】:2015-12-31 00:17:04
【问题描述】:

您好,我有一个包含 10 个字段的表单,我试图通过将它们发布到 PHP 页面上来将它们插入 SQL 数据库。连接启动正常,但返回以下错误:

错误:INSERT INTO 课程(姓名、教师、描述、班级、DAYONE、DAYTWO、DAYTHREE、STD1、STD2、STD3)VALUES (, , , , , , , , , ) 您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在第 1 行的 ' , , , , , , , , )' 附近使用正确的语法

include_once 'connect.php';   
// Create connection
$conn = new mysqli(HOST, USER, PASSWORD, DATABASE);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$name = $_POST['name'];
$teacher = $_POST['teacher'];
$description = $_POST['description'];
$class = $_POST['class'];
$dayone = $_POST['dayone'];
$daytwo = $_POST['daytwo'];
$daythree = $_POST['daythree'];
$std1 = $_POST['std1'];
$std2 = $_POST['std2'];
$std3 = $_POST['std3'];

$sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ($name, $teacher, $description, $class, $dayone, $daytwo, $daythree, $std1, $std2, $std3)";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();

我还应该提到,数据库表还有一个名为 ID 类型 int(11) 的字段,它是 AUTO_INCREMENT,我希望每次插入新行时都会自动填充它。我错了吗?

编辑:在被询问后添加了 HTML 代码

<form name="registration_form" method="post" class="clearfix" action="create.php">
    <div class="form-group">
        <label for="name">NAME</label>
        <input type="text" class="form-control" id="name" placeholder="Course Name">
    </div>
    <div class="form-group">
        <label for="teacher">Teacher</label>
        <input type="text" class="form-control" id="teacher" placeholder="Teacher's Name">
    </div>
    <div class="form-group">
        <label for="description">Description</label>
        <textarea class="form-control" id="description" placeholder="Description"></textarea>
    </div>
    <div class="form-group">
        <label for="class">Class</label>
        <input type="text" class="form-control" id="class" placeholder="Class Name">
    </div>
    <div class="form-group">
        <label for="dayone">Day one</label>
        <input type="text" class="form-control" id="dayone" placeholder="Day One">
    </div>
    <div class="form-group">
        <label for="daytwo">Day two</label>
        <input type="text" class="form-control" id="daytwo" placeholder="Day Two">
    </div>
    <div class="form-group">
        <label for="daythree">Day three</label>
        <input type="text" class="form-control" id="daythree" placeholder="Day Three">
    </div>
    <div class="form-group">
        <label for="std1">std1</label>
        <input type="text" class="form-control" id="std1" placeholder="std1">
    </div>
    <div class="form-group">
        <label for="std2">std2</label>
        <input type="text" class="form-control" id="std2" placeholder="std2">
    </div>
    <div class="form-group">
        <label for="std1">std3</label>
        <input type="text" class="form-control" id="std3" placeholder="std3">
    </div>
    <div class="checkbox">
        <label>
            <input type="checkbox">I Understand <a href="#">Terms & Conditions</a>
        </label>
    </div>
    <button type="submit" class="btn pull-right">Create Course</button>
</form>

【问题讨论】:

  • 您确定这些字段不为空吗? var_dump($_POST); 是什么?另外,这很糟糕,你应该看看How can I prevent SQL-injection in PHP?
  • @FirstOne 是的兄弟 - “MySQL 返回了一个空结果集(即零行)。(查询耗时 0.0001 秒)”这就是“SELECT * FROM courses”返回的内容
  • 你说得对,id字段不需要处理,它会自动递增。为了获得更多帮助,我们需要查看您的 HTML 表单是如何设置的,以了解问题出在哪里
  • @FirstOne 我将创建会话,稍后我将致力于安全性,例如暴力攻击或注入 - 这是我现在最不关心的事情,我的首要任务是修复错误。
  • 你不应该使用sql-server 标签来回答与 Microsoft SQL Server 无关的问题

标签: php mysql


【解决方案1】:

这应该可以帮助您确定问题是否是未收到 POST 变量。

还有一点安全性。

// create an array of all possible input values
$input_array = array('name', 'teacher', 'description', 'class', 'dayone', 'daytwo', 'daythree', 'std1', 'std2', 'std3');

// create an input array to put any received data into for input to the database
$input_array = array();

include_once 'connect.php';   
    // Create connection
    $conn = new mysqli(HOST, USER, PASSWORD, DATABASE);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 


    // loop through the possible input values to check that a post variable has been received for each.. if received escape the data ready for input to the database
    foreach($input_array as $key => $value)
    {
    if(!isset($_POST[$value])) {
    die("no {$value} post variables received");
    }
    $input_array[$value] = mysqli_real_escape_string($conn, $_POST[$value]);
    }


    $sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('{$input_array['name']}', '{$input_array['teacher']}', '{$input_array['description']}', '{$input_array['class']}', '{$input_array['dayone']}', '{$input_array['daytwo']}', '{$input_array['daythree']}', '{$input_array['std1']}', '{$input_array['std2']}', '{$input_array['std3']}')";

    if ($conn->query($sql) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }

    $conn->close();

【讨论】:

    【解决方案2】:

    试试:

    $sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('".$name."', '".$teacher."', '".$description."', '".$class."', '".$dayone."', '".$daytwo."', '".$daythree."', '".$std1."', '".$std2."', '".$std3."')";
    

    另外,使用:

    $name = $conn->real_escape_string($_POST['name']);
    //etc
    

    同时在表单字段中添加名称:

    <input name="class" type="text" class="form-control" id="class" placeholder="Class Name">
    

    【讨论】:

    • 谢谢 - 成功消息已返回。真的很谢谢你。请你解释一下,既然我是新手,为什么我要在值之前和之后使用 '" . ?
    • 不客气。我也不是专业人士,但我认为这是因为需要将变量转换为字符串。就像我说的,我不是专业人士,但我过去曾遇到过这个问题,但通过反复试验解决了这个问题:)
    猜你喜欢
    • 2017-04-28
    • 1970-01-01
    • 1970-01-01
    • 2014-09-11
    • 1970-01-01
    • 2012-04-15
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多