Php 如何使用Textarea将这些数据存储在数据库中?
我收到以下错误消息:Php 如何使用Textarea将这些数据存储在数据库中?,php,html,mysql,Php,Html,Mysql,我收到以下错误消息: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Hello World'; ?>')' at line 1 我希望存储以下数据: <?php echo 'Hello World'; ?> 使用这两种方法对我不起作用: htmlspec
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Hello World'; ?>')' at line 1
<?php echo 'Hello World'; ?>
htmlspecialchars();
htmlentities();
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<textarea name="post" value=""></textarea>
<br/>
<input type="submit" name="submit"/>
</form>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
有什么建议吗?代码应该是这样的:
// first of all, make sure 'post' is set - don't let PHP guessing what to when it's not set.
if(isset($_POST['post'])){
$post = $_POST['post'];
}else{
$post = '';
}
// this is your SQL QUERY. Never, ever, ever, throw data in sql queries
$tqs = $mysqli->prepare('INSERT INTO ttn03 (post) VALUES (?)');
// this is how to pass data to the statement
$statement->bind_param('s', $post);
// execute the statement and prints errors
if(!$statement->execute()){
die('Error '. $mysqli->errno .': '. $mysqli->error);
}
// close statement
$statement->close();
您可以在这里找到一些优秀的文档和示例: 停止在SQL查询中抛出数据。我不知道是谁让你想到直接在SQL中抛出
$post<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
// first of all, make sure 'post' is set - don't let PHP guessing what to when it's not set.
if(isset($_POST['post'])){
$post = $_POST['post'];
}else{
$post = '';
}
// this is your SQL QUERY. Never, ever, ever, throw data in sql queries
$tqs = $mysqli->prepare('INSERT INTO ttn03 (post) VALUES (?)');
// this is how to pass data to the statement
$statement->bind_param('s', $post);
// execute the statement and prints errors
if(!$statement->execute()){
die('Error '. $mysqli->errno .': '. $mysqli->error);
}
// close statement
$statement->close();