Php 试图保存用户信息时出错
我正在尝试保存存储在SQL中的信息,但不断出现此错误:“保存数据时出错。您的SQL语法有错误;请查看与MySQL服务器版本对应的手册,以了解第6行“company=”GlobalTop Inc.“where regid=1”附近使用的正确语法”错误是什么 以下是完整的代码:Php 试图保存用户信息时出错,php,Php,我正在尝试保存存储在SQL中的信息,但不断出现此错误:“保存数据时出错。您的SQL语法有错误;请查看与MySQL服务器版本对应的手册,以了解第6行“company=”GlobalTop Inc.“where regid=1”附近使用的正确语法”错误是什么 以下是完整的代码: <!doctype html> <html> <head> <meta charset="utf-8"> <title>Untitled Document</
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<?php
include "db.php";
$gresult = ''; //declare global variable
//Start of edit contact read
if(isset($_POST["action"]) and $_POST["action"]=="edit"){
$id = (isset($_POST["ci"])? $_POST["ci"] : '');
$sql = "select regid, regname,
address, phone,
email,company from tblregistrants
where regid = $id";
$result = mysqli_query($link, $sql);
if(!$result)
{
echo mysqli_error($link);
exit();
}
$gresult = mysqli_fetch_array($result);
include 'update.php';
exit();
}
//Insert or Update contact information
if(isset($_POST['action_type']))
{
if ($_POST['action_type'] == 'add' or $_POST['action_type'] == 'edit')
{
//Sanitize the data and assign to variables
$regid = mysqli_real_escape_string($link, strip_tags($_POST['regid']));
$regname = mysqli_real_escape_string($link, strip_tags($_POST['regname']));
$phone = mysqli_real_escape_string($link, strip_tags($_POST['phone']));
$address = mysqli_real_escape_string($link, strip_tags($_POST['address']));
$email = mysqli_real_escape_string($link, strip_tags($_POST['email']));
$company = mysqli_real_escape_string($link, strip_tags($_POST['company']));
if ($_POST['action_type'] == 'add')
{
$sql = "insert into tblregistrants set
name = '$regname',
phone = '$phone',
address = '$address',
email = '$email'
company = '$company'";
}else{
$sql = "update tblregistrants set
name = '$regname',
phone = '$phone',
address = '$address',
email = '$email'
company = '$company'
where regid = $regid";
}
if (!mysqli_query($link, $sql))
{
echo 'Error Saving Data. ' . mysqli_error($link);
exit();
}
}
header('Location: view.php');
exit();
}
//Read registrants information from database : Stage 1
$sql = "select * from tblregistrants";
$result = mysqli_query($link, $sql);
if(!$result)
{
echo mysqli_error($link);
exit();
}
//Loop through each row on array and store the data to $reg_list[] : Stage 2
while($rows = mysqli_fetch_array($result))
{
$reg_list[] = array('regid' => $rows['regid'],
'regname' => $rows['regname'],
'address' => $rows['address'],
'phone' => $rows['phone'],
'email' => $rows['email'],
'company' => $rows['company']);
}
include 'view.php';
exit();
?>
无标题文件
电子邮件=“$email”之后的if和else语句中都遗漏了,
if ($_POST['action_type'] == 'add')
{
$sql = "insert into tblregistrants set
name = '$regname',
phone = '$phone',
address = '$address',
email = '$email',
company = '$company'";
}else{
$sql = "update tblregistrants set
name = '$regname',
phone = '$phone',
address = '$address',
email = '$email',
company = '$company'
where regid = $regid";
}
还可以使用准备好的语句来防止SQL注入更改此
$sql = "update tblregistrants set
name = '$regname',
phone = '$phone',
address = '$address',
email = '$email',
company = '$company'
where regid = $regid";
对此
$sql = "update tblregistrants set
name = '$regname',
phone = '$phone',
address = '$address',
email = '$email',
company = '$company'
where regid = '$regid'";
正如劳伦斯所说,在你的询问中,你失踪了
试试这个:
$sql = "insert into tblregistrants set
name = '$regname',
phone = '$phone',
address = '$address',
email = '$email',
company = '$company'";
您的查询中缺少了许多,
,例如email='$email'
@Shanukk您在说什么?$\u POST[“ci”]
也可以进行sql注入。有关SQL注入的详细信息以及如何防止它们。@Twinfriends mysql不支持堆叠查询,因此不能删除表,但可以转储表。尤其是在出现mysqli_错误时