我发现了一些 php 代码有问题。该页面连接到 MySQL 数据库,列出记录并提供用于删除记录的按钮以及用于输入新记录的表单。列表和删除工作正常,但是当我去添加新记录时,它会出现以下错误
“插入失败:插入产品值('3',测试名称','测试名称','66','0','77',>'0','测试描述','测试描述esp', 'test notes')您的 SQL 语法有错误;请查看与您的 MySQL 服务器>版本相对应的手册,以了解在 'name'、'test nombre'、'66'、'0'、' 附近使用的正确语法77', '0', 'Test >descript', 'Test descript esp'' 在第 1 行"
我检查了拼写错误,但找不到任何东西-希望有人能发现我做错了什么并指出我正确的方向。谢谢。这是PHP代码:
<?php
$pageTitle = "MIS Dashboard";
include ('includes/header.php'); ?>
<div class="wrapper">
<?php // productsadmin.php
require_once 'includes/login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
mysql_select_db($db_database, $db_server)
or die("Unable to select database: " . mysql_error());
if (isset($_POST['delete']) && isset($_POST['product_id']))
{
$product_id = get_post('product_id');
$query = "DELETE FROM products WHERE product_id='$product_id'";
if (!mysql_query($query, $db_server))
echo "DELETE failed: $query<br />" .
mysql_error() . "<br /><br />";
}
if (isset($_POST['product_id']) &&
isset($_POST['name_eng']) &&
isset($_POST['name_esp']) &&
isset($_POST['netprice_bob']) &&
isset($_POST['netprice_usd']) &&
isset($_POST['sellingprice_bob']) &&
isset($_POST['sellingprice_usd']) &&
isset($_POST['description_eng']) &&
isset($_POST['description_esp']) &&
isset($_POST['notes']))
{
$product_id = get_post('product_id');
$name_eng = get_post('name_eng');
$name_esp = get_post('name_esp');
$netprice_bob = get_post('netprice_bob');
$netprice_usd = get_post('netprice_usd');
$sellingprice_bob = get_post('sellingprice_bob');
$sellingprice_usd = get_post('sellingprice_usd');
$description_eng = get_post('description_eng');
$description_esp = get_post('description_esp');
$notes = get_post('notes');
$query = "INSERT INTO products VALUES" .
"('$product_id', $name_eng', '$name_esp', '$netprice_bob', '$netprice_usd', '$sellingprice_bob', '$sellingprice_usd', '$description_eng', '$description_esp', '$notes')";
if (!mysql_query($query, $db_server))
echo "INSERT failed: $query<br />" .
mysql_error() . "<br /><br />";
}
echo <<<_END
<form action="productsadmin.php" method="post"><pre>
Product ID: <input type="text" name="product_id" />
Name: <input type="text" name="name_eng" />
Nombre: <input type="text" name="name_esp" />
Net Price BOB: <input type="text" name="netprice_bob" />
Net Price USD: <input type="text" name="netprice_usd" />
Selling Price BOB: <input type="text" name="sellingprice_bob" />
Selling Price USD: <input type="text" name="sellingprice_usd" />
Description : <input type="text" name="description_eng" />
Descripcion : <input type="text" name="description_esp" />
Notes : <input type="text" name="notes" />
<input type="submit" value="ADD RECORD" />
</pre></form>
_END;
$query = "SELECT * FROM products";
$result = mysql_query($query);
if (!$result) die ("Database access failed: " . mysql_error());
$rows = mysql_num_rows($result);
for ($j = 0 ; $j < $rows ; ++$j)
{
$row = mysql_fetch_row($result);
echo <<<_END
<pre>
Product ID: $row[0]
Name: $row[1]
Nombre: $row[2]
Net Price BOB: $row[3]
Net Price USD: $row[4]
Selling Price BOB: $row[5]
Selling Price USD: $row[6]
Description: $row[7]
Descripcion: $row[8]
Notes: $row[9]
</pre>
<form action="productsadmin.php" method="post">
<input type="hidden" name="delete" value="yes" />
<input type="hidden" name="product_id" value="$row[0]" />
<input type="submit" value="DELETE RECORD" /></form>
_END;
}
mysql_close($db_server);
function get_post($var)
{
return mysql_real_escape_string($_POST[$var]);
}
?>
</div>
<?php include ('includes/footer.php'); ?>