我的代码是将从表单发布的值插入到表中。 代码:
1 $email1 = $_POST['txtemail'];
2 $user1 = $_POST['txtuser'];
3 $date1 = $_POST['txtdate'];
4 $subject1 = $_POST['txtsubject'];
5 $percent = $_POST['txtpercent'];
6 $percent1 = (string) $percent;
7 $query = "insert into personal_record values '','$email1','$user1','$date1','$subject1','$percent1'";
8 $result = mysql_query($query,$link);
这是我的代码,它给出了错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','jugal_patel2007@yahoo.co.in','Jugal','29 Mar 2011 13:28:42','jquery','40'' at line 1
请尽快帮助我...! 请帮忙。
最佳答案
您需要在值列表周围加上括号:
insert into personal_record
values ('','jugal_patel2007@yahoo.co.in','Jugal','29 Mar 2011 13:28:42','jquery','40')
而且,作为旁注,您确实必须使用 mysql_real_escape_string()
来转义您的数据 ,以防止SQL Injections !
所以,在这里,您可能会得到看起来有点像这样的东西:
$email1_safe = mysql_real_escape_string($_POST['txtemail']);
$user1_safe = mysql_real_escape_string($_POST['txtuser']);
$date1_safe = mysql_real_escape_string($_POST['txtdate']);
$subject1_safe = mysql_real_escape_string($_POST['txtsubject']);
$percent_safe = mysql_real_escape_string($_POST['txtpercent']);
$percent1_safe = mysql_real_escape_string((string) $percent);
$query = "insert into personal_record values ('','$email1_safe','$user1_safe','$date1_safe','$subject1_safe','$percent1_safe')";
$result = mysql_query($query,$link);
附加说明:
- 您确定百分比是您数据库中的一个字符串吗?如果不是,则无需将其作为字符串传递,只需使用整数或小数/ float
- 您还应该在插入查询中指定列名列表,以确保万无一失
关于php - 如何使用我的 PHP 代码向外键字段插入值?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5476950/