尝试插入值时在第1行出现MySQL错误
PHP脚本:尝试插入值时在第1行出现MySQL错误,mysql,insert,Mysql,Insert,PHP脚本: <?php include('connect.php'); if (isset($_POST['project_name'])){ $name = $_POST['project_name']; $date = $_POST['date']; $amount = $_POST['amount']; $curr = $_POST['curr']; $spec = $_POST['spec']; $SQL = "INSERT IN
<?php
include('connect.php');
if (isset($_POST['project_name'])){
$name = $_POST['project_name'];
$date = $_POST['date'];
$amount = $_POST['amount'];
$curr = $_POST['curr'];
$spec = $_POST['spec'];
$SQL = "INSERT INTO projects (name, date, currency, amount, specifications) VALUES '$name','$date','$amount','$curr','$spec'" or die(mysql_error()."update failed");
$insert = mysql_query($SQL);
if($insert){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
} else {
?>
A HTML FORM HERE
<?php
}
?>
添加(
在值之后插入时,给定行的值必须用括号括起来
INSERT INTO projects (name, date, currency, amount, specifications) VALUES
('$name','$date','$amount','$curr','$spec')
为了记住这一点,您只需记住,INSERT
允许添加几行,这就是为什么每行都必须用括号分隔的原因:
-- Just for the example, insert 3 time the same row
INSERT INTO projects (name, date, currency, amount, specifications) VALUES
('$name','$date','$amount','$curr','$spec'),
('$name','$date','$amount','$curr','$spec'),
('$name','$date','$amount','$curr','$spec');
顺便说一句,请注意,使用字符串插值生成查询是SQL注入的主要风险。有关详细信息,请参阅。您忘记了insert语句中的(
&)
:
$SQL = "INSERT INTO projects (name, date, currency, amount, specifications)
VALUES
('$name','$date','$amount','$curr','$spec')" or die(mysql_error()."update failed");
如果您要指出SQL注入的问题,请添加转义调用以解决问题。请在编写更多SQL接口代码之前,您必须仔细阅读以避免出现严重问题。此外,mysql\u query
不应在新应用程序中使用。这是一个不推荐使用的接口,将从P的未来版本中删除现代的替代品,如和,将使您的数据库代码更容易得到正确的。
$SQL = "INSERT INTO projects (name, date, currency, amount, specifications)
VALUES
('$name','$date','$amount','$curr','$spec')" or die(mysql_error()."update failed");