Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/82.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 这里的SQL语法有什么问题?_Php_Sql_Mysql_Syntax - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 这里的SQL语法有什么问题?

Php 这里的SQL语法有什么问题?

php sql mysql syntax

Php 这里的SQL语法有什么问题?,php,sql,mysql,syntax,Php,Sql,Mysql,Syntax,我正在尝试创建一个具有web前端的IT资产数据库 我使用POST和一个已经写入cookie的变量从表单中收集了一些数据 这是我第一次尝试将数据输入数据库 代码如下: <?php //get data $id = $_POST['id']; $company = $_POST['company']; $location = $_POST['location']; $purchase_date = $_POST['purchase_date']; $purchase_order = $_PO

我正在尝试创建一个具有web前端的IT资产数据库

我使用POST和一个已经写入cookie的变量从表单中收集了一些数据

这是我第一次尝试将数据输入数据库

代码如下:

<?php

//get data
$id = $_POST['id'];
$company = $_POST['company'];
$location = $_POST['location'];
$purchase_date = $_POST['purchase_date'];
$purchase_order = $_POST['purchase_order'];
$value = $_POST['value'];
$type = $_COOKIE["type"];
$notes = $_POST['notes'];

$manufacturer = $_POST['manufacturer'];
$model = $_POST['model'];
$warranty = $_POST['warranty'];

//set cookies
setcookie('id', $id);
setcookie('company', $company);
setcookie('location', $location);
setcookie('purchase_date', $purchase_date);
setcookie('purchase_order', $purchase_order);
setcookie('value', $value);
setcookie('type', $type);
setcookie('notes', $notes);

setcookie('manufacturer', $manufacturer);
setcookie('model', $model);
setcookie('warranty', $warranty);

//checkdata

//start database interactions

// connect to mysql server and database "asset_db"
mysql_connect("localhost", "asset_db", "asset_db") or die(mysql_error());
mysql_select_db("asset_db") or die(mysql_error());

// Insert a row of information into the table "asset"
mysql_query("INSERT INTO asset 
(id, company, location, purchase_date, purchase_order, value, type, notes) VALUES('$id', '$company', '$location', '$purchase_date', $purchase_order', '$value', '$type', '$notes') ") 
or die(mysql_error());
echo "Asset Added";

// Insert a row of information into the table "server"
mysql_query("INSERT INTO server 
(id, manufacturer, model, warranty) VALUES('$id', '$manufacturer', '$model', '$warranty') ") 
or die(mysql_error());
echo "Server Added";


//destination url
//header("Location: verify_submit_server.php");

?>

您需要在$purchase\u订单之前有一个起始报价
您缺少了一个$purchase\u订单之前的
什么。另外,您的代码易受攻击,并且通常会遇到用户输入数据时嵌入单引号的问题。
您缺少开头引号,下面是更正的部分:


mysql_query("INSERT INTO asset 
(id, company, location, purchase_date, purchase_order, value, type, notes) VALUES('$id', '$company', '$location', '$purchase_date', '$purchase_order', '$value', '$type', '$notes') ") 
or die(mysql_error());
echo "Asset Added";



两个小贴士:使用
$\u SESSION
而不是
setcookie()
,并转义您的输入数据,这样就不会发生取消引用攻击。您能详细说明一下吗-有点像是同时开始学习ubuntu服务器、php和mysql,任何建议都将不胜感激。谢谢

mysql_query("INSERT INTO asset 
(id, company, location, purchase_date, purchase_order, value, type, notes) VALUES('$id', '$company', '$location', '$purchase_date', '$purchase_order', '$value', '$type', '$notes') ") 
or die(mysql_error());
echo "Asset Added";