Php 您的SQL语法有错误;当你尝试提交表格时
您的SQL语法有错误;检查与您的MariaDB服务器版本相对应的手册,以了解第2行“1”、“7”和“123tw”附近使用的正确语法 我在提交表单时遇到了上述错误Php 您的SQL语法有错误;当你尝试提交表格时,php,sql,forms,mysqli,Php,Sql,Forms,Mysqli,您的SQL语法有错误;检查与您的MariaDB服务器版本相对应的手册,以了解第2行“1”、“7”和“123tw”附近使用的正确语法 我在提交表单时遇到了上述错误 <?php session_start(); $branch=$_SESSION['branch']; include('../dist/includes/dbcon.php'); $name = $_POST['prod_name']; $price = $_POST[
<?php
session_start();
$branch=$_SESSION['branch'];
include('../dist/includes/dbcon.php');
$name = $_POST['prod_name'];
$price = $_POST['prod_price'];
$desc = $_POST['prod_desc'];
$supplier = $_POST['supplier'];
$reorder = $_POST['reorder'];
$category = $_POST['category'];
//$quantity = $_POST['prod_qty'];
$serialn = $_POST['serialn'];
$query2=mysqli_query($con,"select * from product where prod_name='$name' and branch_id='$branch'")or die(mysqli_error($con));
$count=mysqli_num_rows($query2);
if ($count>0)
{
echo "<script type='text/javascript'>alert('Product already exist!');</script>";
echo "<script>document.location='product.php'</script>";
}
else
{
$pic = $_FILES["image"]["name"];
if ($pic=="")
{
$pic="default.gif";
}
else
{
$pic = $_FILES["image"]["name"];
$type = $_FILES["image"]["type"];
$size = $_FILES["image"]["size"];
$temp = $_FILES["image"]["tmp_name"];
$error = $_FILES["image"]["error"];
if ($error > 0)
{
die("Error uploading file! Code $error.");
}
else{
if($size > 100000000000) //conditions for the file
{
die("Format is not allowed or file size is too big!");
}
else
{
move_uploaded_file($temp, "../dist/uploads/".$pic);
}
}
}
mysqli_query($con,"INSERT INTO product(prod_name,prod_price,prod_desc,prod_pic,cat_id,reorder,supplier_id,branch_id,serialn)
VALUES('$name','$price','$desc','$pic','$category', $reorder','$supplier','$branch','$serialn')")or die(mysqli_error($con));
echo "<script type='text/javascript'>alert('Successfully added new product!');</script>";
echo "<script>document.location='product.php'</script>";
}
?>
看起来您在$reorder'之前缺少一个报价?SQL INSERT查询中出现错误
mysqli_query($con,"INSERT INTO product(prod_name,prod_price,prod_desc,prod_pic,cat_id,reorder,supplier_id,branch_id,serialn)
VALUES('$name','$price','$desc','$pic','$category','$reorder','$supplier','$branch','$serialn')")or die(mysqli_error($con))
mysqli_query($con,"INSERT INTO product(prod_name, prod_price, prod_desc ,prod_pic, cat_id, reorder, supplier_id, branch_id, serialn) VALUES ('$name', '$price', '$desc', '$pic', '$category', '$reorder', '$supplier', '$branch', '$serialn')")or die(mysqli_error($con))or die(mysqli_error($con));
您对查询非常开放,应该真正使用而不是连接查询。特别是因为你根本没有逃避用户的输入!忘记这个问题吧,从使用准备好的语句重构代码开始,这将改变您的查询,您的问题很可能会在这个过程中得到解决。不要浪费时间调试你确实需要更新的不安全代码。这不会改变任何事情。您知道可以在双引号字符串中回显变量,对吗?如果您查看失败的查询,则是进一步向下的插入,而不是上面的。。在$reorder处的Insert查询中出错。将$reorder'替换为“$reorder”。另外,不应连接查询。你应该使用事先准备好的陈述。至少如果您不想受到SQL注入的攻击,请注意其他人对SQL注入问题和其他事项的评论!