MySQLi插入问题-php7.2.10
我一直在从事一个旨在成为任天堂3DS数据库的自我项目。 但是,在插入零件处,它会出现以下错误 您的SQL语法有错误;请查看与您的MySQL服务器版本对应的手册,以了解在第1行的“”附近使用的正确语法 我已经检查了所有被请求的文件,但它们都没有“”的内容 代码如下: addgame.phpMySQLi插入问题-php7.2.10,php,mysql,mysqli,Php,Mysql,Mysqli,我一直在从事一个旨在成为任天堂3DS数据库的自我项目。 但是,在插入零件处,它会出现以下错误 您的SQL语法有错误;请查看与您的MySQL服务器版本对应的手册,以了解在第1行的“”附近使用的正确语法 我已经检查了所有被请求的文件,但它们都没有“”的内容 代码如下: addgame.php <?php require 'connect.php'; require 'phpqrcode/qrlib.php'; $c = connectDB(); define('IMAGE_WIDTH',200
<?php
require 'connect.php';
require 'phpqrcode/qrlib.php';
$c = connectDB();
define('IMAGE_WIDTH',200);
define('IMAGE_HEIGHT',200);
$boxDir = "../boxdb/";
$name = $_POST['name'];
$link = $_POST['link'];
$desc = $_POST['description'];
$rel = $_POST['releaseDate'];
$reg = $_POST['region'];
$gen = $_POST['genre'];
$box = $_FILES['box']['name'];
$temp_box = $_FILES['box']['tmp_name'];
$qrName = '../qrdb/' . $name . '.png';
$qr = QRcode::png($link, $qrName);
move_uploaded_file($temp_box, $boxDir.$box);
if(!empty($reg) and is_array($reg)) {
$regArr = implode(' , ',$reg);
}
if(!empty($gen) and is_array($gen)) {
$genArr = implode(' , ',$gen);
}
$ins = mysqli_query($c,"INSERT INTO db(gameName,ciaLink,gameDesc, releaseDate, region, genre, gameBox,qr) VALUES('$name','$link','$desc','$rel','$regArr','$genArr','$temp_box','$qr'");
if($ins){
echo 'OK';
}
else{
echo mysqli_error($c);
}
?>
<form action="../libs/addGame.php" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="gameName">Name of the Game</label>
<input type="text" class="form-control" name="name" id="gameName" placeholder="Ex.: Super Mario 3D Land...">
</div>
<div class="form-group">
<label for="gameName">Direct Download Game Link (for Google Drive, use <a href="https://sites.google.com/site/gdocs2direct/" target="_blank">this</a>)</label>
<input type="text" class="form-control" name="link" id="gameName" placeholder="Ex.: https://example.com/gamename.cia">
</div>
<div class="form-group">
<label for="gameDesc">Description</label>
<textarea class="form-control" name="description" id="gameDesc" placeholder="Game Description" rows="3"></textarea>
</div>
<div class="form-group">
<label for="gameDate">Release Date</label>
<input type="date" class="form-control" name="releaseDate" id="gameDate" placeholder="Release Date">
</div>
<div class="form-group">
<label>Regions where game was released</label>
<select multiple class="form-control" id="gameGen" name="region[]">
<option value="EUR">EUR</option>
<option value="JPN">JPN</option>
<option value="USA">USA</option>
</select>
</div>
<div class="form-group">
<label for="gameGen">Genre - You can select more than one if applies</label>
<select multiple class="form-control" id="gameGen" name="genre[]">
<option value="Action">Action</option>
<option value="Adventure">Adventure</option>
<option value="RPG">RPG</option>
<option value="Sports">Sports</option>
</select>
</div>
<div class="form-group">
<label for="gameBox">Game box image</label>
<input type="file" class="form-control-file" name="box" id="gameBox">
</div>
<input type="submit" class="btn btn-primary mb-2" value="Add">
</form>
<?php
define("HOST","localhost");
define("USER","root");
define("PASS","");
define("DB","3ds");
function connectDB(){
$c = mysqli_connect(HOST,USER,PASS,DB);
return $c;
}
?>
<?php
require 'connect.php';
require 'phpqrcode/qrlib.php';
$c = connectDB();
define('IMAGE_WIDTH',200);
define('IMAGE_HEIGHT',200);
$boxDir = "../boxdb/";
$name = $_POST['name'];
$link = $_POST['link'];
$desc = $_POST['description'];
$rel = $_POST['releaseDate'];
$reg = $_POST['region'];
$gen = $_POST['genre'];
$box = $_FILES['box']['name'];
$temp_box = $_FILES['box']['tmp_name'];
$qrFolder = '../qrdb/' . $name . '.png';
$qr = QRcode::png($link, $qrFolder);
$qrName = $name . '.png';
move_uploaded_file($temp_box, $boxDir.$box);
if(!empty($reg) and is_array($reg)) {
$regArr = implode(' , ',$reg);
}
if(!empty($gen) and is_array($gen)) {
$genArr = implode(' , ',$gen);
}
$stmt = $c->prepare("INSERT INTO db(gameName,ciaLink,gameDesc, releaseDate, region, genre, gameBox,qr) VALUES(?,?,?,?,?,?,?,?)");
$stmt->bind_param("ssssssss",$name,$link,$desc,$rel,$regArr,$genArr,$box,$qrName);
$stmt->execute();
echo "New game added successfully";
$stmt->close();
$c->close();
?>
我发现了我的错误,在$ins查询中,我关闭了值内的插入,而没有关闭查询。注:以下是@Jens提到的带准备语句的更正代码:
addGame.php
<?php
require 'connect.php';
require 'phpqrcode/qrlib.php';
$c = connectDB();
define('IMAGE_WIDTH',200);
define('IMAGE_HEIGHT',200);
$boxDir = "../boxdb/";
$name = $_POST['name'];
$link = $_POST['link'];
$desc = $_POST['description'];
$rel = $_POST['releaseDate'];
$reg = $_POST['region'];
$gen = $_POST['genre'];
$box = $_FILES['box']['name'];
$temp_box = $_FILES['box']['tmp_name'];
$qrName = '../qrdb/' . $name . '.png';
$qr = QRcode::png($link, $qrName);
move_uploaded_file($temp_box, $boxDir.$box);
if(!empty($reg) and is_array($reg)) {
$regArr = implode(' , ',$reg);
}
if(!empty($gen) and is_array($gen)) {
$genArr = implode(' , ',$gen);
}
$ins = mysqli_query($c,"INSERT INTO db(gameName,ciaLink,gameDesc, releaseDate, region, genre, gameBox,qr) VALUES('$name','$link','$desc','$rel','$regArr','$genArr','$temp_box','$qr'");
if($ins){
echo 'OK';
}
else{
echo mysqli_error($c);
}
?>
<form action="../libs/addGame.php" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="gameName">Name of the Game</label>
<input type="text" class="form-control" name="name" id="gameName" placeholder="Ex.: Super Mario 3D Land...">
</div>
<div class="form-group">
<label for="gameName">Direct Download Game Link (for Google Drive, use <a href="https://sites.google.com/site/gdocs2direct/" target="_blank">this</a>)</label>
<input type="text" class="form-control" name="link" id="gameName" placeholder="Ex.: https://example.com/gamename.cia">
</div>
<div class="form-group">
<label for="gameDesc">Description</label>
<textarea class="form-control" name="description" id="gameDesc" placeholder="Game Description" rows="3"></textarea>
</div>
<div class="form-group">
<label for="gameDate">Release Date</label>
<input type="date" class="form-control" name="releaseDate" id="gameDate" placeholder="Release Date">
</div>
<div class="form-group">
<label>Regions where game was released</label>
<select multiple class="form-control" id="gameGen" name="region[]">
<option value="EUR">EUR</option>
<option value="JPN">JPN</option>
<option value="USA">USA</option>
</select>
</div>
<div class="form-group">
<label for="gameGen">Genre - You can select more than one if applies</label>
<select multiple class="form-control" id="gameGen" name="genre[]">
<option value="Action">Action</option>
<option value="Adventure">Adventure</option>
<option value="RPG">RPG</option>
<option value="Sports">Sports</option>
</select>
</div>
<div class="form-group">
<label for="gameBox">Game box image</label>
<input type="file" class="form-control-file" name="box" id="gameBox">
</div>
<input type="submit" class="btn btn-primary mb-2" value="Add">
</form>
<?php
define("HOST","localhost");
define("USER","root");
define("PASS","");
define("DB","3ds");
function connectDB(){
$c = mysqli_connect(HOST,USER,PASS,DB);
return $c;
}
?>
<?php
require 'connect.php';
require 'phpqrcode/qrlib.php';
$c = connectDB();
define('IMAGE_WIDTH',200);
define('IMAGE_HEIGHT',200);
$boxDir = "../boxdb/";
$name = $_POST['name'];
$link = $_POST['link'];
$desc = $_POST['description'];
$rel = $_POST['releaseDate'];
$reg = $_POST['region'];
$gen = $_POST['genre'];
$box = $_FILES['box']['name'];
$temp_box = $_FILES['box']['tmp_name'];
$qrFolder = '../qrdb/' . $name . '.png';
$qr = QRcode::png($link, $qrFolder);
$qrName = $name . '.png';
move_uploaded_file($temp_box, $boxDir.$box);
if(!empty($reg) and is_array($reg)) {
$regArr = implode(' , ',$reg);
}
if(!empty($gen) and is_array($gen)) {
$genArr = implode(' , ',$gen);
}
$stmt = $c->prepare("INSERT INTO db(gameName,ciaLink,gameDesc, releaseDate, region, genre, gameBox,qr) VALUES(?,?,?,?,?,?,?,?)");
$stmt->bind_param("ssssssss",$name,$link,$desc,$rel,$regArr,$genArr,$box,$qrName);
$stmt->execute();
echo "New game added successfully";
$stmt->close();
$c->close();
?>
谢谢大家 了解预处理语句以防止SQL injectionEcho输出语句并共享它不要像这样插入参数,您的任何参数都可能包含会破坏查询的内容,正如Jens所指出的,查看预处理语句,然后为您处理参数的管理html@Jens没错,但这不应该破坏他们的准则;只有用JS才能做到这一点。