0

下面是我尝试过的代码,但我似乎无法做出正确的调整来让脚本正常运行。

$sql = 'INSERT INTO clients (first_name, last_name, email) VALUES('.$_POST['first_name'].', '.$_POST['last_name'].', '.$_POST['email'].')
INSERT INTO client_data (client_id, phone, zip, note) VALUES(LAST_INSERT_ID(), '.$_POST['phone'].', '.$_POST['zip'].', '.$_POST['message'].')';

mysql_query($sql) or die (mysql_error());

任何帮助深表感谢。

4

4 回答 4

3

您不能执行两个 sql 语句mysql_query();

使用这样的东西:

$sql = 'INSERT INTO clients (first_name, last_name, email) VALUES('.$_POST['first_name'].', '.$_POST['last_name'].', '.$_POST['email'].')';
mysql_query($sql);

$clientId = mysql_insert_id();

$sql = 'INSERT INTO client_data (client_id, phone, zip, note) VALUES('.$clientId.', '.$_POST['phone'].', '.$_POST['zip'].', '.$_POST['message'].')';

mysql_query($sql) or die (mysql_error());

但是阅读 SQL 注入以及如何防止它们。

于 2012-04-10T15:06:51.490 回答
0

您应该将其分成两个单独mysql_query的调用并使用该mysql_insert_id函数:

$firstName = mysql_real_escape_string($_POST["first_name"]);
$lastName = mysql_real_escape_string($_POST["last_name"]);
$email = mysql_real_escape_string($_POST["email"]);
$phone = mysql_real_escape_string($_POST["phone"]);
$zip = mysql_real_escape_string($_POST["zip"]);
$message = mysql_real_escape_string($_POST["message"]);

mysql_query("INSERT INTO clients (first_name, last_name, email) VALUES ('{$firstName}', '{$lastName}', '{$email}')") or die(mysql_error());
mysql_query("INSERT INTO client_data (client_id, phone, zip, note) VALUES ('". mysql_insert_id() ."', '{$phone}', '{$zip}', '{$message}')") or die(mysql_error());
于 2012-04-10T15:07:58.353 回答
0

只需进行 2 个查询:

$sql_insert_clients = "INSERT INTO clients (first_name, last_name, email) VALUES(".$_POST['first_name'].", ".$_POST['last_name'].", ".$_POST['email'].")";
mysql_query($sql_insert_clients) or die (mysql_error());

$sql_insert_client_data = "INSERT INTO client_data (client_id, phone, zip, note) VALUES(".mysql_insert_id().", ".$_POST['phone'].", ".$_POST['zip'].", ".$_POST['message'].")";
mysql_query($sql_insert_client_data) or die (mysql_error());
于 2012-04-10T15:10:24.967 回答
-1

Your just missing the semi-colon to split the Insert's

$sql = 'INSERT INTO clients (first_name, last_name, email) 
        VALUES('.$_POST['first_name'].', '.$_POST['last_name'].', '.$_POST['email'].')'."; ".' INSERT INTO client_data (client_id, phone, zip, note) VALUES(LAST_INSERT_ID(), '.$_POST['phone'].', '.$_POST['zip'].', '.$_POST['message'].')';

mysqli_multi_query($sql) or die (mysql_error());

the SQL query it should be running (with dummy content) is

INSERT INTO clients (first_name, last_name, email) VALUES('test', 'surname', email); INSERT INTO client_data (client_id, phone, zip, note) VALUES(LAST_INSERT_ID(), 'phone', 'zip', 'message');
于 2012-04-10T15:18:20.127 回答