我在将表单中的数据插入数据库时遇到了一个小问题,下面的 INSERT 语句:
if (isset($_REQUEST['Submit'])) {
// Code to insert note into field;
$sql = "INSERT INTO fields (notes) VALUES
('".mysql_real_escape_string(stripslashes($_REQUEST['note']))."')
WHERE companyId='".$companyid['id']."' AND fileNumber ='".$filename."'";
if($result = mysql_query($sql)) {
echo "<h1>Thank you</h1>Your information has been entered into our database<br><br>";
} else {
echo "ERROR: ".mysql_error();
}
} else {
产生此错误消息:
ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE companyId='11' AND fileNumber =''' at line 1
首先,$filename 变量显然没有显示出来,我可以将 $companyid[id] var 复制到字段中,它会正确显示 var 内容,但仍然会引发语法错误。
我是一个 PHP SQL 菜鸟,正在自学,所以请对我温柔一点:)
这是完整的代码减去表格
<?php
include "header.php";
$checkFiles = "checkFiles.php";
// Catches form input from previous page and stores it into session variable called filename for future reference;
$_SESSION['filename']=$_POST['filename'];
$filename = $_SESSION['filename'];
//User id stuff from previous page too;
$userid = $_SESSION['userid'];
$id = mysql_query("SELECT id FROM users WHERE DXNumber='".$userid."'");
// Returns pointer so fetch it as an array and insert it into variable $companyid for later use;
$companyid = mysql_fetch_array($id);
if (isset($_REQUEST['Submit'])) {
// Code to insert note into field;
$sql = "INSERT INTO fields (notes) VALUES ('".mysql_real_escape_string(stripslashes($_REQUEST['note']))."')
WHERE companyId='".$companyid['id']."' AND fileNumber ='".$filename."'";
if($result = mysql_query($sql)) {
echo "<h1>Thank you</h1>Your information has been entered into our database<br><br>";
} else {
echo "ERROR: ".mysql_error();
}
} else {
?>