尝试从表单提交数据但似乎不起作用。看不出问题?
//Include connect file to make a connection to test_cars database
include("prototypeconnect.php");
$proId = $_POST["id"];
$proCode = $_POST["code"];
$proDescr = $_POST["descr"];
$proManu = $_POST["manu"];
$proCPU = $_POST["cpu"];
$proWPU = $_POST["wpu"];
$proBarCode = $_POST["barcode"];
$proIngredients = $_POST["ingredients"];
$proAllergens = $_POST["allergenscon"];
$proMayAllergens = $_POST["allergensmay"];
//Insert users data in database
$sql = "INSERT INTO prototype.Simplex_List (id, code, descr, manu, cpu, wpu, barcode, ingredients, allergenscon, allergensmay)
VALUES ('$proId' , '$proCode', '$proDescr' , '$proManu' , '$proCPU' , '$proWPU' , '$proBarCode' , '$proIngredients' , '$proAllergens' , '$proMayAllergens')";
//Run the insert query
mysql_query($sql)
最佳答案
首先,请不要使用 mysql_*** 函数,请使用准备好的语句
PDO http://php.net/manual/en/pdo.prepare.php
或 mysqli http://php.net/manual/en/mysqli.quickstart.prepared-statements.php反而。准备好的语句通过断开用户提交的数据与数据库查询的连接,帮助保护您免受 sql 注入(inject)尝试。
您可能想尝试使用 mysql_real_escape_string http://php.net/manual/en/function.mysql-real-escape-string.php确保没有杂散的 " 或 ' 破坏您的查询。
$proId = mysql_real_escape_string($_POST["id"]);
$proCode = mysql_real_escape_string($_POST["code"]);
$proDescr = mysql_real_escape_string($_POST["descr"]);
$proManu = mysql_real_escape_string($_POST["manu"]);
$proCPU = mysql_real_escape_string($_POST["cpu"]);
$proWPU = mysql_real_escape_string($_POST["wpu"]);
$proBarCode = mysql_real_escape_string($_POST["barcode"]);
$proIngredients = mysql_real_escape_string($_POST["ingredients"]);
$proAllergens = mysql_real_escape_string($_POST["allergenscon"]);
$proMayAllergens = mysql_real_escape_string($_POST["allergensmay"]);
此外,通过调用 var_dump($_POST) 来验证数据,确保提交表单
您还可以使用 mysql_error 查看查询是否出错 http://php.net/manual/en/function.mysql-error.php
if (!mysql_query($sql)) {
echo mysql_error();
}
关于php - 查询不插入数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31677981/