查看与您的MySQL服务器版本对应的手册,以了解使用near';马萨拉=';dsd&x27;甘巴尔=';kerusi.JPG'';在1号线
我想将记录添加到包含图片的表中。当我尝试添加时,它会显示此错误 您的SQL语法有错误;请查看与MySQL服务器版本对应的手册,以了解第1行“masalah=”dsd“和gambar=”kerusi.JPG“附近使用的正确语法 下面是代码查看与您的MySQL服务器版本对应的手册,以了解使用near';马萨拉=';dsd&x27;甘巴尔=';kerusi.JPG'';在1号线,mysql,Mysql,我想将记录添加到包含图片的表中。当我尝试添加时,它会显示此错误 您的SQL语法有错误;请查看与MySQL服务器版本对应的手册,以了解第1行“masalah=”dsd“和gambar=”kerusi.JPG“附近使用的正确语法 下面是代码 <?php session_start(); include("Connections/connection.php"); $date = $_POST['date']; $masalah = $_POST ['masalah']; $gambar =
<?php
session_start();
include("Connections/connection.php");
$date = $_POST['date'];
$masalah = $_POST ['masalah'];
$gambar = $_POST ['gambar'];
$student_id = $_POST['student_id'];
$status = 'pending';
/*session yg di call tok lecturer tu*/
$student_id = "SELECT * FROM student WHERE student_id ='".$_SESSION['student_id']."'" ;
$result=mysql_query($student_id);
$getstudentid = mysql_fetch_assoc($result);
$student_id = $getstudentid['student_id'];
/*take 3 data from rc */
$sql = "SELECT * FROM aduan WHERE date = '$date', masalah = '$masalah' AND gambar = '$gambar' ";
$rr = mysql_query($sql) or die(mysql_error());
$tt = mysql_num_rows($rr);
if($tt > 0) {
header("Location: borang_aduan2.php?error=2");
} else { /*to check tarikh*/
$tarikh_user = strtotime($date);
$tarikh_harini = strtotime(date('Y-m-d'));
if($tarikh_user < $tarikh_harini) {
//error
header("Location: borang_aduan2.php?error=1");
} else {
//$No = $num_rows+1;
/*$sql_const = mysql_query ("Select MAX(user_name)as id from lecturer")or die (mysql_error());
$rows = mysql_fetch_array ($sql_const);
$id = $rows ['id'];*/
/*insert data*/
mysql_query("INSERT INTO aduan (date, masalah, gambar, student_id )
VALUES('$date','$masalah', '$gambar','$student_id')")
or die('Error: ' .mysql_error($conn));
echo "<script type='text/javascript'>
alert('Thanks make a report!')
location.href='borang_aduan2.php'
</script>";
}
//Freeing all memory associated with it
mysql_free_result($result);
//Closes specified connection
mysql_close($conn);
}
?>
不要在两个字段选择标准之间使用“,”。因此,不是:
SELECT * FROM aduan WHERE date = '$date',
^^
使用
请注意,代码可能容易受到SQL注入的攻击。要修复此漏洞,当用户输入嵌入到查询中时,应将其转义。
SELECT * FROM aduan WHERE date = '$date' AND