Php 在sql语句中插入变量
我正在尝试获得正确的语法,以便将表单中的变量插入到数据库表中 这是我的表格Php 在sql语句中插入变量,php,sql,Php,Sql,我正在尝试获得正确的语法,以便将表单中的变量插入到数据库表中 这是我的表格 <form name="texcom_daily" method="POST" action="actions/siteSubmit.php"> <input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" /> <table width="450px"> </tr> <tr> &
<form name="texcom_daily" method="POST" action="actions/siteSubmit.php">
<input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" />
<table width="450px">
</tr>
<tr>
<td valign="top">
<label for="first_name">First name *</label>
</td>
<td valign="top">
<input type="text" value="<?php echo $_SESSION['first'] ?>" name="first_name" maxlength="50" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="last_name">Last name *</label>
</td>
<td valign="top">
<input type="text" value="<?php echo $_SESSION['last']?>" name="last_name" maxlength="50" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="email">Email Address *</label>
</td>
<td valign="top">
<input type="text" name="email" value="<?php echo $_POST['email']?>" maxlength="80" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="telephone">Telephone Number *</label>
</td>
<td valign="top">
<input type="text" name="telephone" value="<?php echo $_POST['telephone']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="truck_number">Truck Number *</label>
</td>
<td valign="top">
<input type="text" name="truck_number" value="<?php echo $_POST['truck_number']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="truck_milage">Truck Mileage *</label>
</td>
<td valign="top">
<input type="text" name="truck_mileage" value="<?php echo $_POST['truck_mileage'] ?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="carrier">Carrier *</label>
</td>
<td valign="top">
<input type="text" name="carrier" maxlength="40" value="<?php echo $_POST['carrier']?>" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="site_number">Site Number *</label>
</td>
<td valign="top">
<input type="text" name="site_number" value="<?php echo $_POST['site_number']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="lat">Latitude:</label>
</td>
<td valign="top">
<INPUT type="text" name="lat" ID="lat" value="<?php echo $_POST['lat']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="longitude">Longitude:</label>
</td>
<td valign="top">
<input type="text" name="longitude" ID="longitude" value="<?php echo $_POST['longitude']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="comments">Comments *</label>
</td>
<td valign="top">
<textarea name="comments" maxlength="1000" cols="40" rows="6"><?php echo $_POST['comments']?></textarea>
</td>
</tr>
<tr>
<td valign="top">
<label for="job_completion">Job Completion *</label>
<td colspan="2" style="text-align">
<?php $job_completion = isset($_POST['job_completion']) ? $_POST['job_completion'] : ''; ?>
<input type="radio" name="job_completion" value="Yes" <?php echo $job_completion === 'Yes' ? "checked='checked'" : ''?> > Yes
<input type="radio" name="job_completion" value="No" <?php echo $job_completion === 'No' ? "checked='checked'" : ''?>> No
</td>
</tr>
</table>
</form>
这里有一个输入错误:“$\u POST[first]”,我更喜欢将变量串联起来。麻烦,但安全的方式。请尝试以下方法: “插入站点提交(名字、姓氏、电子邮件、电话、卡车号、卡车里程、承运人、站点号、纬度、经度、评论、作业完成情况) 值(“$\u POST['first'].”、“$\u POST['last'].”、“.”等试试这个。 在将值提交到数据库之前,应始终使用mysql\u real\u escape\u string来转义值
$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES ( '" . $_POST['first'] . "', '" . $_POST['last'] . "', '" . $_POST['email'] . "', '" . $_POST['telephone']. "', '" . $_POST['truck_number'] . "', '" . $_POST['truck_mileage'] . "', '" . $_POST['carrier'] . "', '" . $_POST['site_number'] . "', '" . $_POST['lat'] . "', '" . $_POST['longitude'] . "', '" . $_POST['comments'] . "', '" . $_POST['job_completion'] . "')";
你不能逃避用户的输入,这会让你很容易受到攻击。如果提供了某些数据,这也会导致你的查询失败。谢谢你,但数据库中没有输入任何内容……两条语句都没有。你看了表单吗?我想知道我是否正确调用了这些变量……你介意看看并确认一下吗?@NichoDiaz,您没有在任何地方启动会话。如果您没有在任何地方启动会话,则不应使用“$\u session”。其次,输入标记中不需要值字段。解决这两个问题后,它应该会工作。如果仍然不工作,请运行此操作并在问题中发布输出。var\u dump($sql2);var\u dump($success2);会话已经开始,我不应该在这里向您介绍。这只是一个只有登录的人才能访问的表单。当他们单击时,您可以查看phpsubmit@NichoDiaz好吧,我想你的剧本现在可以用了吧?
$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES ( '" . $_POST['first'] . "', '" . $_POST['last'] . "', '" . $_POST['email'] . "', '" . $_POST['telephone']. "', '" . $_POST['truck_number'] . "', '" . $_POST['truck_mileage'] . "', '" . $_POST['carrier'] . "', '" . $_POST['site_number'] . "', '" . $_POST['lat'] . "', '" . $_POST['longitude'] . "', '" . $_POST['comments'] . "', '" . $_POST['job_completion'] . "')";