Php Mysql insert语句未在数据库中插入数据
我的MySQL查询应该插入表单中输入的数据。没有给出错误。我看这个代码绝对没有错。我以前在其他表中使用过这段代码,它工作正常。请忽略isset以进行更新。那是为了别的。writerID、illustratorID和publisherName是来自不同表的外键。这可能是问题所在吗Php Mysql insert语句未在数据库中插入数据,php,html,mysql,database,forms,Php,Html,Mysql,Database,Forms,我的MySQL查询应该插入表单中输入的数据。没有给出错误。我看这个代码绝对没有错。我以前在其他表中使用过这段代码,它工作正常。请忽略isset以进行更新。那是为了别的。writerID、illustratorID和publisherName是来自不同表的外键。这可能是问题所在吗 <?php $servername = "localhost"; $username = "root"; $password = ""; $dbname = "graphicnoveldb"; $conn =
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "graphicnoveldb";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// get results from database
if(isset($_POST['update'])){
$UpdateQuery = "Update graphicnovel Set
graphicNovelTitle='$_POST[graphicnoveltitle]',
genre='$_POST[genre]',
synopsis='$_POST[synopsis]',
review='$_POST[review]',
rating='$_POST[rating]',
writerID='$_POST[writerID]',
illustratorID='$_POST[illustratorID]',
coverPage='$_POST[coverpage]'
Where graphicNovelTitle='$_POST[hidden]'";
mysqli_query($conn,$UpdateQuery);
};
if(isset($_POST['add'])){
$AddQuery = "Insert into graphicnovel (graphicNovelTitle, genre, synopsis, review, rating, writerID, illustratorID, publisherName, datePublished, coverPage)
Values('$_POST[ugraphicnoveltitle]',
'$_POST[ugenre]',
'$_POST[usynopsis]',
'$_POST[ureview]',
'$_POST[urating]',
'$_POST[uwriterID]',
'$_POST[uillustratorID]',
'$_POST[upublishername]',
'$_POST[udatepublished]',
'$_POST[ucoverpage]')";
mysqli_query($conn,$AddQuery);
};
$sql="SELECT * FROM graphicnovel";
$result = mysqli_query($conn,$sql);
echo "<table>";
echo "<form action = ModifyGraphicNovel.php method =post>";
echo"<tr><th>New Graphic Novel Title</th>";
echo '<td><input type=text name= ugraphicnoveltitle></td></tr>';
echo"<tr><th>New Genre</th>";
echo '<td><input type=text name= ugenre></td></tr>';
echo"<tr><th>New Synopsis</th>";
echo '<td><textarea name= usynopsis rows = 5 cols = 70 border =5 value=></textarea></tr>';
echo"<tr><th>New Review</th>";
echo '<td><textarea name= ureview rows = 5 cols = 70 border =5 value=></textarea></tr>';
echo"<tr><th>New Rating</th>";
echo '<td><input type=text name= urating></td></tr>';
echo"<tr><th>New Writer ID</th>";
echo '<td><input type=text name= uwriterID></td></tr>';
echo"<tr><th>New Illustrator ID</th>";
echo '<td><input type=text name= uillustratorID></td></tr>';
echo"<tr><th>New Publisher Name</th>";
echo '<td><input type=text name= upublishername></td></tr>';
echo"<tr><th>New Date Published</th>";
echo '<td><input type=date name= udatepublished></td></tr>';
echo"<tr><th>New Coverpage</th>";
echo '<td><input type=text name= ucoverpage></td></tr>';
echo '<tr><td>' . "<input type = submit name=add value=add" . ' </td></tr>';
echo "</form>";
echo "</table>";
// close table>
$conn->close();
?>
如上所述,必须在数组键周围使用引号,并且当数组位于带引号的字符串中时,也必须始终在数组周围使用大括号
应该防止使用转义或更好的绑定参数进行SQL注入。这将使第一个问题变得更容易
if(isset($\u POST['add'])){
$AddQuery=$conn->prepare(“插入到graphicNovelTitle(graphicNovelTitle),
类型、概要、评论、评级、编剧、插图、,
publisherName,datePublished,coverPage)值(?,,,,,,,,,,,,,,,,,)”;
$addQuery->bind_参数($_POST['ugraphic noveltitle'],
$\u POST['ugenre'],
$\u POST['usynopsis'],
$\u POST['ureview'],
$\u POST['urating'],
$\u POST['uwriterID'],
$\u POST['uillustratorID'],
$\u POST['uppublishername'],
$\u POST['udatepublished'],
$_POST['ucoverpage']);
$addQuery->execute();
printf(“%d行插入。\n”,$addQuery->受影响的行);
$addQuery->close();
}
“我看这段代码绝对没有错”
-你的意思是除了明显的SQL注入漏洞和完全没有错误检查之外?@Davidif($conn->connect\u error){die
--嗯,不完整,但无论如何…@AlanMachado:True,OP确实会检查数据库交互中最不可能失败的错误。但是,当执行任何用户想执行的代码时,都不会检查错误。@David是的,我给你这个。然后,php.ini可能会让错误保持不变。d你知道我可以用什么支票支付$AddQuery吗?如何?