-9

这是我页面顶部的 php 代码: 

if(!$_SESSION['username']){
  header("Location: ../error.php?id=1");
}

$teamgamertag = $_POST["gamertag"];
$teamgame = $_POST["game"];
$teamtype = $_POST["type"];
$teamname = $_POST["name"];
$teamconsole = $_POST["console"];

if(isset($_POST["submit"])){
  $sql2 = mysql_query("INSERT INTO teams (name, game, players, creator, console, leaders, type, score) VALUES ('$teamname', '$teamgame', '$teamgamertag', '$teamgamertag', '$teamconsole', '$teamgamertag', '$teamtype', '0'") or die(mysql_error());

  if($sql2){
    header("../results.php?id=1");
  }else{
    exit();
  }
}
?>

我不知道问题是什么以及在哪里解决它。提前谢谢你的帮助。

4

2 回答 2

4

缺少 SQL 查询的结束括号:

'$teamgamertag', '$teamtype', '0'")

它应该在这里:

'$teamgamertag', '$teamtype', '0')")

此外,您的 SQL 容易受到注入攻击。不要手动创建查询字符串。使用准备好的语句:PHP PDO 准备好的语句

于 2013-03-24T06:45:17.287 回答
0

将您的代码替换为

<?php
if(!$_SESSION['username']){
  header("Location: ../error.php?id=1");
}

$teamgamertag = $_POST["gamertag"];
$teamgame = $_POST["game"];
$teamtype = $_POST["type"];
$teamname = $_POST["name"];
$teamconsole = $_POST["console"];

if(isset($_POST["submit"])){
  $sql2 = mysql_query("INSERT INTO teams (name, game, players, creator, console, leaders, type, score) VALUES ('$teamname', '$teamgame', '$teamgamertag', '$teamgamertag', '$teamconsole', '$teamgamertag', '$teamtype', '0')") or die(mysql_error());

  if($sql2){
    header('Location: ../results.php?id=1');
  }else{
    exit();
  }
}
?>
于 2013-03-24T06:47:53.817 回答