0

I'm close but stuck. I pull the user name from drupal and store it in a variable called $username, I want to store this in a column called username. However the below code throws up an error

        $sql = "INSERT INTO sheet_tbl (site_id, user_id, eventdate, eventtime, username) VALUES ('$_POST[site_id]','$_POST[user_id]','$_POST[eventdate]','$_POST[eventtime]',$username)";

Error

warning: pg_query() [function.pg-query]: Query failed: ERROR: syntax error at or near ")" at character 112 in /var/www/html/drupal1/includes/common.inc(1743) : eval()'d code on line 30.

I pull the user name using:

 User Name: <?php 
 global $user;
 echo $user->name;
 $username = $user->name;
 ?>

If i echo this variable i get the result = admin

4

2 回答 2

0

如果不查看 的输出,我不确定echo $sql;,但我想问题出在您访问$POST数组的方式上。

尝试这个:

    $sql = "INSERT INTO sheet_tbl (site_id, user_id, eventdate, eventtime, \"username\")"
          ." VALUES ('$_POST[site_id]', "
          ."         '$_POST[user_id]',"
          ."         '$_POST[eventdate]',"
          ."         '$_POST[eventtime]',"
          ."          '$username')";

编辑:更正语法

于 2013-07-22T11:20:26.507 回答
0

你没有username加引号。代替

,$username)";


,'$username')";

顺便说一句,您不应该在 SQL 语句中放置未转义的用户输入。这可能导致 SQL 注入。看这里

于 2013-07-22T11:31:08.133 回答