JavaScript PHP$\u获取问题
所以我有一个JavaScript函数,它使用异步方法调用PHP文件。这是我的密码 JavaScriptJavaScript PHP$\u获取问题,javascript,php,mysql,Javascript,Php,Mysql,所以我有一个JavaScript函数,它使用异步方法调用PHP文件。这是我的密码 JavaScript var xmlHttp = new XMLHttpRequest(); xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4 && xmlHttp.status == 200) callback (xmlHttp.responseText); } xmlHttp.op
var xmlHttp = new XMLHttpRequest();
xmlHttp.onreadystatechange = function() {
if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
callback (xmlHttp.responseText);
}
xmlHttp.open("GET", "http://127.0.0.1/formulario/insertReporte.php?"+'nombreAlumno='+nombreAlumno+'&noCta='+noCta+'&semestre='+semestre, true);
xmlHttp.send(null);
<?php
$servername = "myServerName";
$username = "myUserName";
$password = "myPassWord";
$dbname = "myDb";
$nombreAlumno = $_GET['nombreAlumno'];
$noCta = intval($_GET['noCta']);
$semestre = intval($_GET['semestre']);
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ($nombreAlumno,$noCta,$semestre)";
if ($conn->query($sql) === TRUE) {
$last_id = $conn->insert_id;
echo $last_id;
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
$nombreAlumno=$\u GET['nombreAlumno']当我得到这个错误时
在我的数据库中,nombreAlumno字段被声明为varchar
我知道我的连接工作正常,因为如果我将该行更改为$nombreAlumno=intval($\u GET['nombreAlumno'])它将0插入到我的数据库中
知道我做错了什么吗?试试这个
<?php
$servername = "myServerName";
$username = "myUserName";
$password = "myPassWord";
$dbname = "myDb";
$nombreAlumno = $_GET['nombreAlumno'];
$noCta = intval($_GET['noCta']);
$semestre = intval($_GET['semestre']);
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ('".$nombreAlumno."','".$noCta."','".$semestre."')";
if ($conn->query($sql) === TRUE) {
$last_id = $conn->insert_id;
echo $last_id;
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
您需要在值周围添加引号。在插入数据库之前,还要使用mysqli\u real\u escape\u string
,以防止sql注入
$nombreAlumno=mysqli_real_escape_string($conn, $nombreAlumno);
$noCta=mysqli_real_escape_string($conn, $noCta);
$semestre=mysqli_real_escape_string($conn, $semestre);
$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ('".$nombreAlumno."','".$noCta."','".$semestre."')";
即使我的变量$noCta和$semestre是整数,我也要添加真正的\u escape\u字符串吗?是的,为什么不!!在插入datanaseSo之前,请始终使用mysqli\u real\u escape\u string
,我这样做了,现在它既没有向数据库中插入任何内容,也没有抛出任何错误。echo$sql=“insert into infoalumno(nombreAlumno,noCta,noSemestre)值(““$nombreAlumno.”,“$noCta.”,“$semestre.”)并检查您的查询系统这只是我的服务器有点奇怪,重新启动它,它现在可以工作了,非常感谢!编辑:刚刚获得了15个声誉,所以我绝对是得票最多的。:)omar是一个字符串,将其放入“omar”(单引号)