如何修复此错误?
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1."
我正在使用 wamp 服务器。本地主机:81。
<?php
$conn =mysqli_connect('localhost', 'root' , '','register');
if(isset($_POST['submit']))
{
$fname=$_POST['FName'];
$mname = $_POST['UName'];
$email = $_POST['email'];
$contact = $_POST['contact'];
$gender = $_POST['gender'];
$Password = $_POST['Pass'];
$Repassword = $_POST['Rpass'];
$sql = "INSERT INTO registered(FullName,UserName,Email,Contact#,Gender,Password,RPassword) values('$fname','$mname','$email','$contact','$gender','$Password','$Repassword')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
print '<script>alert("Successfully Submit Data!");</script>';
}
else{
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
最佳答案
我建议在列名周围使用反引号 (`),以防止 SQL 将其视为其他内容。您还想确保也转义数据。
$sql = "INSERT INTO `registered`
(`FullName`, `UserName`, `Email`, `Contact#`, `Gender`, `Password`, `RPassword`)
VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sssssss', $fname, $mname, $email, $contact, $gender, $Password, $Repassword);
if ( $stmt->exec() ) {
//Success
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
有关 SQL 注入(inject)及其对您有何影响的更多信息,请查看 this post .
关于php - 如何修复这个 SQL 语法错误?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30636439/