Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/283.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 在sql语句中插入变量_Php_Sql - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 在sql语句中插入变量

Php 在sql语句中插入变量

php sql

Php 在sql语句中插入变量,php,sql,Php,Sql,我正在尝试获得正确的语法,以便将表单中的变量插入到数据库表中 这是我的表格 <form name="texcom_daily" method="POST" action="actions/siteSubmit.php"> <input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" /> <table width="450px"> </tr> <tr> &

我正在尝试获得正确的语法,以便将表单中的变量插入到数据库表中

这是我的表格

<form name="texcom_daily" method="POST" action="actions/siteSubmit.php">
<input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" />
<table width="450px">
</tr>
<tr>
 <td valign="top">
  <label for="first_name">First name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['first'] ?>" name="first_name" maxlength="50" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="last_name">Last name *</label>
 </td>
 <td valign="top">
  <input  type="text" value="<?php echo $_SESSION['last']?>" name="last_name" maxlength="50" size="40">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="email">Email Address *</label>
 </td>
 <td valign="top">
  <input  type="text" name="email" value="<?php echo $_POST['email']?>" maxlength="80" size="40">
 </td>

</tr>

<tr>
 <td valign="top">
  <label for="telephone">Telephone Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="telephone" value="<?php echo $_POST['telephone']?>" maxlength="40" size="40">

 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_number">Truck Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_number" value="<?php echo $_POST['truck_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="truck_milage">Truck Mileage *</label>
 </td>
 <td valign="top">
  <input  type="text" name="truck_mileage" value="<?php echo $_POST['truck_mileage'] ?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="carrier">Carrier *</label>
 </td>
 <td valign="top">
  <input  type="text" name="carrier" maxlength="40" value="<?php echo $_POST['carrier']?>" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="site_number">Site Number *</label>
 </td>
 <td valign="top">
  <input  type="text" name="site_number" value="<?php echo $_POST['site_number']?>" maxlength="40" size="40">
 </td>
</tr>

<tr>
 <td valign="top">
 <label for="lat">Latitude:</label>
 </td>
  <td valign="top">
 <INPUT type="text" name="lat" ID="lat" value="<?php echo $_POST['lat']?>" maxlength="40" size="40">
 </td>
 </tr>

 <tr>
 <td valign="top">
 <label for="longitude">Longitude:</label>
 </td>
  <td valign="top">
 <input type="text" name="longitude" ID="longitude" value="<?php echo $_POST['longitude']?>" maxlength="40" size="40">
 </td>
 </tr>

<tr>
 <td valign="top">
  <label for="comments">Comments *</label>
 </td>
 <td valign="top">
  <textarea  name="comments" maxlength="1000" cols="40" rows="6"><?php echo $_POST['comments']?></textarea>
 </td>
</tr>

<tr>
 <td valign="top">
  <label for="job_completion">Job Completion *</label>
 <td colspan="2" style="text-align">
  <?php $job_completion = isset($_POST['job_completion']) ? $_POST['job_completion'] : ''; ?> 
<input type="radio" name="job_completion" value="Yes" <?php echo $job_completion === 'Yes' ? "checked='checked'" : ''?> > Yes&nbsp;&nbsp;
<input type="radio" name="job_completion" value="No" <?php echo $job_completion === 'No' ? "checked='checked'" : ''?>> No
 </td>
</tr>
</table>
</form>
这里有一个输入错误:“$\u POST[first]”,我更喜欢将变量串联起来。麻烦,但安全的方式。请尝试以下方法:

“插入站点提交(名字、姓氏、电子邮件、电话、卡车号、卡车里程、承运人、站点号、纬度、经度、评论、作业完成情况) 值(“$\u POST['first'].”、“$\u POST['last'].”、“.”等

试试这个。 在将值提交到数据库之前,应始终使用mysql\u real\u escape\u string来转义值

$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES  ( '" . $_POST['first'] . "', '" . $_POST['last'] . "', '" . $_POST['email'] . "', '" . $_POST['telephone']. "', '" . $_POST['truck_number'] . "', '" . $_POST['truck_mileage'] . "', '" . $_POST['carrier'] . "', '" . $_POST['site_number'] . "', '" . $_POST['lat'] . "', '" . $_POST['longitude'] . "', '" . $_POST['comments'] . "', '" . $_POST['job_completion'] . "')";
你不能逃避用户的输入,这会让你很容易受到攻击。如果提供了某些数据,这也会导致你的查询失败。谢谢你,但数据库中没有输入任何内容……两条语句都没有。你看了表单吗?我想知道我是否正确调用了这些变量……你介意看看并确认一下吗?@NichoDiaz,您没有在任何地方启动会话。如果您没有在任何地方启动会话,则不应使用“$\u session”。其次,输入标记中不需要值字段。解决这两个问题后,它应该会工作。如果仍然不工作,请运行此操作并在问题中发布输出。var\u dump($sql2);var\u dump($success2);会话已经开始,我不应该在这里向您介绍。这只是一个只有登录的人才能访问的表单。当他们单击时,您可以查看phpsubmit@NichoDiaz好吧,我想你的剧本现在可以用了吧? 
$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion) VALUES  ( '" . $_POST['first'] . "', '" . $_POST['last'] . "', '" . $_POST['email'] . "', '" . $_POST['telephone']. "', '" . $_POST['truck_number'] . "', '" . $_POST['truck_mileage'] . "', '" . $_POST['carrier'] . "', '" . $_POST['site_number'] . "', '" . $_POST['lat'] . "', '" . $_POST['longitude'] . "', '" . $_POST['comments'] . "', '" . $_POST['job_completion'] . "')";