0

我知道这里只是通过一些测试没有足够的验证。$result 总是返回空?我的查询不好吗?我是 PHP 新手,将变量连接成字符串并不是我完全掌握的东西。使用 OOP 形式,因为我非常熟悉它和概念。

另外,我知道这段代码非常草率......只是试图直接潜入=)` 

$page = new Page();

$page->title = "Add a New Item";
$page->DisplayHeader();
$page->DisplaySidebar();

if (isset($_POST['submit']))
{
    // make short variable names
    $name = trim($_POST['name']);
    $level = intval($_POST['level']);
    $slot = strtolower($_POST['slot']);
    $hp = intval($_POST['hp']);
    $mana = intval($_POST['mana']);
    $mvs = intval($_POST['mvs']);
    $int = intval($_POST['int']);
    $wis = intval($_POST['wis']);
    $str = intval($_POST['str']);
    $dex = intval($_POST['dex']);
    $con = intval($_POST['con']);
    $p_ac = intval($_POST['p_ac']);
    $m_ac = intval($_POST['m_ac']);
    $saves = intval($_POST['saves']);
    $hit = intval($_POST['hit']);
    $dam = intval($_POST['dam']);


    $queryOk = 1;

    if (empty($name) || empty($level) || empty($slot))
    {
        echo '<h3>Please enter all the required fields</h3>';
        $queryOk = 0;
    }

    // Instantiate database object and connect
    @ $db = new mysqli('*host*', '*user*', '*pass*', '*database*');

    // Check connection to 
    if (mysqli_connect_errno()) {
        echo 'Error:  Could not connect to database, try again later';
    }

    $query = "INSERT INTO items (name, level, slot, hp, mana, mvs, int, wis, str, dex, con, p_ac, m_ac, saves, hit, dam)".
    "V ALUES ('$name', $level, '$slot', $hp, $mana, $mvs, $int, $wis, $str, $dex, $con, $p_ac, $m_ac, $saves, $hit, $dam)";

    $result = $db->query($query);

    if (!$result)
    {
        echo '<h3>Error:  Item was not entered.  (Your webmaster sucks)</h3>';
    }
    else    {
        echo "<p>The items \"$name\" was successfully entered into the database.  <a href=\"equipment.php\>Back to Equipment or add another item.</a></p>";
    }

    $db->close();
}`
4

2 回答 2

2

如果空格V ALUES实际上在您的代码中,这会导致您的查询失败

更新

如果这不是错误的原因,$mysqli->error请查看发生了什么错误。

if (!$result)
{
    echo '<h3>'$mysqli->error'  (Your webmaster sucks)</h3>';
}
于 2012-06-15T03:03:26.340 回答
0

int是 mysql 中的保留字,您将其用作字段名。你必须用反引号来逃避它:

INSERT INTO ... (..., `int`, ...)
                      ^---^-- escapes

您的查询:

INSERT INTO items (name, level, slot, hp, mana, mvs, int, wis, str, dex, con, p_ac, m_ac, saves, hit, dam)
                                                     ^^^^--- problem here
VALUES ('$name', $level, '$slot', $hp, $mana, $mvs, $int, $wis, $str, $dex, $con, $p_ac, $m_ac, $saves, $hit, $dam)";
                                                   ^^^^^---NOT here
于 2012-06-15T03:27:34.587 回答