-1

我已经尝试了 2 天,只是无法让这个插入语句工作......我做错了什么吗?(我也没有错误)

<?php
$username = "1";
$kname = "1";   
$sql = "INSERT INTO photos(username, kname) 
         VALUES('" . $username . "', '" . $kname . "')";
    $hostname_Database = "(censored)";
    $database_Database = "(censored)";
    $username_Database = "(censored)";
    $password_Database = "(censored)";

    $mysqli = new mysqli($hostname_Database, $username_Database, $password_Database, $database_Database); 
    if (mysqli_connect_errno()) {
       printf("Connect failed: %s\n", mysqli_connect_error());
       exit();
    }



    $result = $mysqli->query($sql);
    if ($result) {

 }
?>
4

2 回答 2

0

切勿在 SQL 语句中直接使用 php 变量。SQL注入的可能性很大。

尝试使用 PDO for PHP,它是执行 SQL CRUD 操作的更佳方式。

首先,您必须设置数据库,然后执行插入、选择或更新等查询,它会帮助你很多,编写更少的代码。

$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";

$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


$stmt = $conn->prepare("INSERT INTO photos (username, kname) VALUES (?, ?)");
$stmt->execute([  $username , $kname   ]);

欲了解更多信息,请尝试 w3school 链接:https ://www.w3schools.com/php/php_mysql_prepared_statements.asp

于 2020-07-24T22:39:11.620 回答
-1

试试这样的,

$sql = "INSERT INTO photos(username, kname) 
     VALUES(\" $username  \", \"  $kname \")";
于 2012-11-11T23:16:27.147 回答