0

所以这应该是一个非常简单的添加到表 PHP/MySQL - 但是由于某种原因我无法开始工作。我尝试过使用引号放置、连接等。但是我想我需要一些帮助。谢谢 

<?php 
//Variables from Form
$Fs = "$_POST[Fs]";
$Ls = "$_POST[Ls]";
$T = "$_POST[T]"; 
$A = "$_POST[A]";
$Sn = "$_POST[Sn]";
?>

<h2>Add</h2>
<form  id="form"  action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<input name="Fs" type="text" value="First Name" size="20" maxlength="60" onfocus="if (this.value=='First Name') this.value='';"onblur="if (this.value=='') this.value='First Name';"/>
<input name="Ls" type="text" value="Last Name" size="20" maxlength="60"onfocus="if (this.value=='Last Name') this.value='';"onblur="if (this.value=='') this.value='Last Name';" />
<input name="T" type="text" value="Telephone" size="20" maxlength="60" onfocus="if (this.value=='Telephone') this.value='';"onblur="if (this.value=='') this.value='Telephone';"/>
<input name="A" type="text" value="Address" size="20" maxlength="60"onfocus="if (this.value=='Address') this.value='';" onblur="if (this.value=='') this.value='Address';"/>
<input name="Sn" type="text" value="Student Number" size="40" maxlength="40" onfocus="if (this.value=='Student Number') this.value='';" onblur="if (this.value=='') this.value='Student Number';"/>


 <?php 
if(isset($_POST['Submit'])) 
 { 

//Conections

 $con = mysql_connect("localhost", "root", "root") or die("Error connecting to database: ".mysql_error());
mysql_select_db("assign2") or die(mysql_error());

//Insert Statements

if($Fs != null && $Ls != null && $T != null && $T != null && $A != null && $Sn != null) {
    echo "<br><br><br>" .  $Fs . " " . $Ls . " " . $T . " " . $A . " " . $Sn ;
     mysqli_query($con, "INSERT INTO 'assign2table' (First_Name , Last_Name , Telephone , Address ,Student_Number) VALUES ('$Fs' , '$Ls' . '$T' . '$A' . '$Sn')");
 }
else {
echo "Missing Info"; 

  }
 }
 ?>
4

2 回答 2

0

您在插入查询中使用了 (DOT) (.) 而不是逗号 (,)。

mysqli_query($con, "INSERT INTO 'assign2table' (First_Name , Last_Name , Telephone , Address ,Student_Number) 值 ('$Fs' , '$Ls' , '$T' , '$A' ,'$Sn')" );

于 2013-09-22T17:52:03.857 回答
0

首先,每次调用数据库函数时,都应该检查它的返回值是否失败。当您不这样做时,某些事情可能会失败,您将不知道发生了什么。

这里就是这种情况:您在插入语句中使用点而不是逗号分隔了一些值。这是一个 SQL 语法错误。查询应如下所示:

$result = mysqli_query($con, "INSERT INTO 'assign2table' (First_Name , Last_Name , Telephone , Address ,Student_Number) VALUES ('$Fs' , '$Ls', '$T', '$A', '$Sn')");
if ($result === FALSE) {
    echo "Insert failed: ".mysqli_error($con);
}

其次,这段代码有一个明显的 SQL 注入漏洞。你应该学会使用准备好的语句

于 2013-09-22T17:53:11.243 回答