Php SQL插入不';行不通
为什么这个简单的插入不起作用?唯一未插入的值是$streamName,如果我从代码中删除该值,则一切正常,代码如下:Php SQL插入不';行不通,php,mysql,get,Php,Mysql,Get,为什么这个简单的插入不起作用?唯一未插入的值是$streamName,如果我从代码中删除该值,则一切正常,代码如下: $userId= $_SESSION['kt_login_id']; $streamName= $_GET['streamName']; $streamDuration= $_GET['streamDuration']; $recorderId= $_GET['recorderId']; $con = mysql_connect("localhost","wwwmeety_
$userId= $_SESSION['kt_login_id'];
$streamName= $_GET['streamName'];
$streamDuration= $_GET['streamDuration'];
$recorderId= $_GET['recorderId'];
$con = mysql_connect("localhost","wwwmeety_staff","xxxxxx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("wwwmeety_ourstaff", $con);
mysql_query("INSERT INTO recordedvideos (user_id, streamName, record_duration, recorder_id)
VALUES ($userId, $streamName, $streamDuration, $recorderId)");
mysql_close($con);
和MySQL导出
CREATE TABLE IF NOT EXISTS `recordedvideos` (
`record_id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) DEFAULT NULL,
`streamName` text,
`record_duration` text,
`recorder_id` text,
PRIMARY KEY (`record_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
您忘记了将字符串括在引号中
mysql_query(
"INSERT INTO recordedvideos
(user_id, streamName, record_duration, recorder_id) VALUES
($userId, '$streamName', '$streamDuration', '$recorderId')"
);
但为了避免sql注入,最好使用以下方法:
mysql_查询(“插入录制的视频(用户id、流名称、录制持续时间、录制者id))
值($userId、$streamName、$streamDuration、$recorderId'))
在字符串类型值周围加上单引号。您必须用单引号将字符串字段括起来。
INSERT INTO recordedvideos (user_id, streamName, record_duration, recorder_id)
VALUES ($userId, '$streamName', '$streamDuration', '$recorderId')
我在firebug中检查过,还有一件事是将值传递到该文件,下面是值:您得到了什么错误消息?(mysql\u errno()和
mysql\u error()
返回什么?)。我忘了用引号把字符串括起来。
INSERT INTO recordedvideos (user_id, streamName, record_duration, recorder_id)
VALUES ($userId, '$streamName', '$streamDuration', '$recorderId')