-4

我正在尝试在一个 Mysql 字段上添加 2 个 html 表单字段已尝试此代码,但无法将值插入数据库。

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{

  $city= mysql_real_escape_string($_POST['city']);
  $name = mysql_real_escape_string($_POST['name']. "-" . $_POST['domain']);
  $alias = mysql_real_escape_string($_POST['alias']);
  $date = mysql_real_escape_string($_POST['Date']);
  $user = mysql_real_escape_string($_POST['user']);
  $id = mysql_real_escape_string($_POST['id']);

    $all1 = implode(",",$city);
    $all2 = implode(",",$name);
$all3 = implode(",",$alias);
$all4 = implode(",",$date);
$all5 = implode(",",$user);
$all6 = implode(",",$id);


$all1e = explode(",",$city);
$all2e = explode(",",$name);
$all3e = explode(",",$alias);
$all4e = explode(",",$date);
$all5e = explode(",",$user);
$all6e = explode(",",$id);

     $insert = mysql_query ("INSERT INTO `Dname` (`city`, `name`, `alias`, `user`,     `Date`, `id`) VALUES ('$all1e','$all2e','$all3e','$all4e','$all5e'");

    //insert null for id place holder
$insert .= "'')";
$res = mysql_query($insert) or die(mysql_error());
}
4

1 回答 1

1

除了处理用户输入的一种非常奇怪的方式之外,您的直接问题是您的查询缺少id列和右括号的值,因为您没有分配查询文本,而是首先分配执行结果,mysql_query()然后尝试连接结果使用空字符串,然后再次将'')文字传递给mysql_query()

简而言之,并假设您的id列已auto_increment更改

 $insert = mysql_query ("INSERT INTO `Dname` (`city`, `name`, `alias`, `user`,     `Date`, `id`) VALUES ('$all1e','$all2e','$all3e','$all4e','$all5e'");

//insert null for id place holder
$insert .= "'')";
$res = mysql_query($insert) or die(mysql_error());


$insert = "INSERT INTO `Dname` (`city`, `name`, `alias`, `user`, `Date`)
           VALUES ('$all1e', '$all2e', '$all3e', '$all4e', '$all5e')";
$res = mysql_query($insert) or die(mysql_error());

在旁注中,不要插入查询字符串,而是使用带有or的准备好的语句mysqli_*PDO

话虽如此,您在 PDO 中带有准备好的语句的代码可能看起来像

$city  = $_POST['city'];
$name  = $_POST['name']. "-" . $_POST['domain'];
$alias = $_POST['alias'];
$date  = $_POST['Date'];
$user  = $_POST['user'];

try {
    $db = new PDO('mysql:host=localhost;dbname=dbname;charset=UTF8', 'user', 'password');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    $insert = "INSERT INTO `dname` (`city`, `name`, `alias`, `user`, `date`) VALUES (?, ?, ?, ?, ?)";
    $query = $db->prepare($insert);
    $query->execute(array($city, $name, $alias, $user, $date));
} catch (PDOException $e) {
    echo "Exeption: " .$e->getMessage();
}
$query = null;
$db = null;
于 2013-08-26T00:11:42.177 回答