0

PHP script:

<?php
include('connect.php');

if (isset($_POST['project_name'])){
    $name = $_POST['project_name'];
    $date = $_POST['date'];
    $amount = $_POST['amount'];
    $curr = $_POST['curr'];
    $spec = $_POST['spec'];
    $SQL = "INSERT INTO projects (name, date, currency, amount, specifications) VALUES '$name','$date','$amount','$curr','$spec'" or die(mysql_error()."update failed");
    $insert = mysql_query($SQL);    
    if($insert){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
} else {
?>
A HTML FORM HERE
<?php
}
?>

Note: the connect.php file works fine, because I have used it before with other scripts, on the same server.

Every time I try to submit the form (method = post), I get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''sad','08/13/2013','244','dollars','sdasd'' at line 1 32767

What could be the problem?


3 Answers

0
INSERT INTO projects (name, date, currency, amount, specifications) VALUES ('$name','$date','$amount','$curr','$spec')

Add ( after VALUES

answered 2013-08-07T18:00:16.333
0

When inserting, VALUES must enclose the given row in parentheses.

INSERT INTO projects (name, date, currency, amount, specifications) VALUES  
    ('$name','$date','$amount','$curr','$spec')

To remember this, you just need to remember that INSERT allows adding rows, which is why the rows must be delimited by these parentheses:

-- Just for the example, insert the same row 3 times
INSERT INTO projects (name, date, currency, amount, specifications) VALUES
    ('$name','$date','$amount','$curr','$spec'),
    ('$name','$date','$amount','$curr','$spec'),
    ('$name','$date','$amount','$curr','$spec');

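By the way, note that using string interpolation to build your query is a major risk of SQL injection. See "How can I prevent SQL injection in PHP?" for details.

answered 2013-08-07T18:00:19.707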
0

You forgot the ( & ) in the insert statement:

 $SQL = "INSERT INTO projects (name, date, currency, amount, specifications) 
         VALUES 
        ('$name','$date','$amount','$curr','$spec')" or die(mysql_error()."update failed");
answered 2013-08-07T18:01:03.100
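
The corrected INSERT from the answers, written as a PDO prepared statement so that the SQL injection risk raised in the second answer does not arise. This is an added example, not code from the question or the answers; the function name insertProject and the in-memory SQLite database standing in for the MySQL connection from connect.php are assumptions. Named placeholders also tie each value to its column, so the order of the variables no longer matters.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: PDO with the SQLite driver is installed; an in-memory SQLite
// database stands in for the MySQL connection so the script runs offline.
declare(strict_types=1);

function insertProject(PDO $pdo, array $post): int
{
    // Reject the request early if a field is missing or is not a string.
    foreach (['project_name', 'date', 'amount', 'curr', 'spec'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) {
            throw new InvalidArgumentException("missing field: $f");
        }
    }
    if (!is_numeric($post['amount'])) {
        throw new InvalidArgumentException('amount must be numeric');
    }

    // The row is parenthesised once, and every value is bound by name,
    // so user input is sent as data and never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO projects (name, date, currency, amount, specifications)
         VALUES (:name, :date, :currency, :amount, :spec)'
    );
    $stmt->execute([
        ':name'     => $post['project_name'],
        ':date'     => $post['date'],
        ':currency' => $post['curr'],
        ':amount'   => $post['amount'],
        ':spec'     => $post['spec'],
    ]);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT, date TEXT,
            currency TEXT, amount NUMERIC, specifications TEXT)');

// Constructed sample input; the quote in the name would break an interpolated query.
$post = ['project_name' => "Sam's site", 'date' => '08/13/2013',
         'amount' => '244', 'curr' => 'dollars', 'spec' => 'sdasd'];
$id = insertProject($pdo, $post);
$q = $pdo->prepare('SELECT name, currency, amount FROM projects WHERE id = ?');
$q->execute([$id]);
var_dump($q->fetch(PDO::FETCH_ASSOC));
```

Against MySQL, create the PDO object with a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false so the server itself performs the binding.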