function insertVisitorInfoSignIn($att_id, $card_no, $purpose, $block, $level, $staff_email, $pa_email, $staff_id,$dept_id){
$time_in = getTime();
$sql = "insert into visitor_history (att_id, card_no, time_in, purpose, block, level, staff_email, pa_email, staff_id,dept_id)
values ($att_id, '$card_no', '$time_in', '$purpose', '$block', '$level', '$staff_email', '$pa_email', $staff_id,$dept_id)";
$rs = mysql_query($sql) or die ("Error in function insertVisitorInfoSignIn ");
}
问问题
116 次
1 回答
1
这就是你正在使用的:
$sql = "insert into visitor_history
( att_id, card_no, time_in, purpose, block,
level, staff_email, pa_email, staff_id, dept_id)
values ( $att_id, '$card_no', '$time_in', '$purpose', '$block',
'$level', '$staff_email', '$pa_email', $staff_id, $dept_id)";
应该是这样的:
$sql = "insert into visitor_history
( att_id, card_no, time_in, purpose, block,
level, staff_email, pa_email, staff_id,dept_id)
values ( '$att_id', '$card_no', '$time_in', '$purpose', '$block',
'$level', '$staff_email', '$pa_email', '$staff_id', '$dept_id')";
通过变量传递值时,您在查询中错过了''一些变量。
我们建议您使用它mysql_real_escape_string()来防止您的数据库被 SQL 注入,并尝试使用 mysqli 或 PDO,因为不推荐使用 mysql 扩展。
于 2013-02-05T04:23:50.600 回答