0

谁能解释一下为什么这个 PHP / MySQL 不起作用?基本上我需要从表单中一次插入大量行,因此会有多个名称字段、多个短、中、长字段等。我收到此错误:

Notice: Undefined variable: Short1 in C:\xampp\htdocs\process.php on line 95
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Long, VLong, Extreme, LJump, HJump, Shotputt, Discuss, Javelin, Date, Year) VAL' at line 2

这是我的PHP

<?php


$host = "localhost";
$databasename = "pe_results";
$databaseusername = "root";
$databasepassword = "";

$conn = mysql_connect("$host", "$databaseusername", "$databasepassword"); 
mysql_select_db("$databasename", $conn); 

        if (isset($_POST['Name1'])) { 
        $Name1 = $_POST['Name1'];
        }
        if (isset($_POST['Short1'])) { 
        $Short1 = $_POST['Short1'];
        }
        if (isset($_POST['Med1'])) { 
        $Med1 = $_POST['Med1'];
        }
        if (isset($_POST['Long1'])) { 
        $Long1 = $_POST['Long1'];
        }
        if (isset($_POST['VLong1'])) { 
        $VLong1 = $_POST['VLong1'];
        }
        if (isset($_POST['Extreme1'])) { 
        $Extreme1 = $_POST['Extreme1'];
        }
        if (isset($_POST['LJump1'])) { 
        $LJump1 = $_POST['LJump1'];
        }
        if (isset($_POST['HJump1'])) { 
        $HJump1 = $_POST['HJump1'];
        }
        if (isset($_POST['Shotputt1'])) { 
        $Shotputt1 = $_POST['Shotputt1'];
        }
        if (isset($_POST['Discuss1'])) { 
        $Discuss1 = $_POST['Discuss1'];
        }
        if (isset($_POST['Javelin1'])) { 
        $Javelin1 = $_POST['Javelin1'];
        }
        if (isset($_POST['Date'])) { 
        $Date = $_POST['Date'];
        }
        if (isset($_POST['Year'])) { 
        $Year = $_POST['Year'];
        }
        // Sector 2 */
            if (isset($_POST['Name2'])) { 
        $Name2 = $_POST['Name2'];
        }
        if (isset($_POST['Short2'])) { 
        $Short2 = $_POST['Short2'];
        }
        if (isset($_POST['Med2'])) { 
        $Med2 = $_POST['Med2'];
        }
        if (isset($_POST['Long2'])) { 
        $Long2 = $_POST['Long2'];
        }
        if (isset($_POST['VLong2'])) { 
        $VLong2 = $_POST['VLong2'];
        }
        if (isset($_POST['Extreme2'])) { 
        $Extreme2 = $_POST['Extreme2'];
        }
        if (isset($_POST['LJump2'])) { 
        $LJump2 = $_POST['LJump2'];
        }
        if (isset($_POST['HJump2'])) { 
        $HJump2 = $_POST['HJump2'];
        }
        if (isset($_POST['Shotputt2'])) { 
        $Shotputt2 = $_POST['Shotputt2'];
        }
        if (isset($_POST['Discuss2'])) { 
        $Discuss2 = $_POST['Discuss2'];
        }
        if (isset($_POST['Javelin2'])) { 
        $Javelin2 = $_POST['Javelin2'];
        }
        if (isset($_POST['Date'])) { 
        $Date = $_POST['Date'];
        }
        if (isset($_POST['Year'])) { 
        $Year = $_POST['Year'];
        }

        $sql="INSERT INTO results_main
  (Name, Short, Med, Long, VLong, Extreme, LJump, HJump, Shotputt, Discuss, Javelin, Date, Year)
VALUES
  ('$Name1', '$Short1', '$Med1', '$Long1', '$VLong1', '$Extreme1', '$LJump1', '$HJump1', '$Shotputt1', '$Discuss1', '$Javelin1', '$Date', '$Year'),
  ('$Name2', '$Short2', '$Med2', '$Long2', '$VLong2', '$Extreme2', '$LJump2', '$HJump2', '$Shotputt2', '$Discuss2', '$Javelin2', '$Date', '$Year');
";

$result = mysql_query($sql) or die(mysql_error());

// close connection 
mysql_close($conn);

?>

JW 的新错误消息

Notice: Undefined variable: Short1 in C:\xampp\htdocs\process.php on line 95
INSERT INTO results_main (`Name`, `Short`, `Med`, `Long`, `VLong`, `Extreme`, `LJump`, `HJump`, `Shotputt`, `Discuss`, `Javelin`, `Date`, `Year`) VALUES (`1`, ``, `1`, `1`, `1`, `1`, `1`, `1`, `1`, `1`, `1`, `2013-04-26`, `10`), (`2`, `2`, `2`, `2`, `2`, `2`, `2`, `2`, `2`, `2`, `2`, `2013-04-26`, `10`); Unknown column '1' in 'field list'
4

3 回答 3

3

LONG是保留关键字,恰好是您的列的名称。为了避免语法错误,列名应该用反引号转义。

INSERT INTO results_main(Name, Short, Med, `Long`, VLong, ...) VALUES (....)

如果您有权更改列,请将名称更改为非保留关键字,以避免将来出现问题。

作为旁注,SQL Injection如果变量的值(s)来自外部,则查询很容易受到攻击。请看下面的文章,了解如何预防。通过使用PreparedStatements,您可以摆脱在值周围使用单引号。

于 2013-04-15T13:02:42.640 回答
0

检查您的帖子数组,您的 $_POST['Short1']; 有问题

也不要使用MYSQL 保留关键字,Long 是保留关键字。如果你使用你应该通过

`Long`
于 2013-04-15T13:02:46.667 回答
0

我建议转储您的 $_POST 数组并查看它。根据您的代码,仅当 $_POST 数组中有值时才设置变量。

于 2013-04-15T13:03:52.113 回答