“检查与您的 MariaDB 服务器版本相对应的手册以获取正确的语法”
<?php
include 'db_connection.php';
$name = $_POST['name'];
$password = $_POST['password'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$conn = OpenCon();
echo "<br><br>Connected Successfully";
$sql = "INSERT INTO 'customer'('customer name','password','email','phone number') VALUES([$name], [$password], [$email], [$phone]);";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
?>
这段代码在尝试使用 INSERT 语句时给我错误。我使用 $conn 变量创建了 DBConenction。
吃鸡游戏浏览 46回答 2
2回答
-
慕妹3242003
避免在末尾出现不需要的分号,并从表名中删除单引号。请尝试以下操作。此外,由于您的两个字段之间包含空格,您可以避免使用单引号并使用 `` 反引号。$sql = "INSERT INTO customer (`customer name`,password, email, `phone number`) VALUES ('$name','$password','$email', '$phone') "; -
森栏
您的代码的解决方案我假设你的name、password、email和phone是字符串。因此它们必须出现在您最终请求中的引号之间,所以$sql = "INSERT INTO 'customer'('customer name','password','email','phone number') VALUES([$name], [$password], [$email], [$phone]);";改成$sql = "INSERT INTO 'customer'('customer name','password','email','phone number') VALUES('[$name]', '[$password]', '[$email]', '[$phone]')";此外,为了避免 SQL 注入,您应该转义从 POST 请求中获取的字符串,因此您应该替换$name = $_POST['name'];$password = $_POST['password'];$email = $_POST['email'];$phone = $_POST['phone'];经过$name = mysqli_real_escape_string($conn, $_POST['name']);$password = mysqli_real_escape_string($conn, $_POST['password']);$email = mysqli_real_escape_string($conn, $_POST['email']);$phone = mysqli_real_escape_string($conn, $_POST['phone']);并在建立联系后感动。更好的解决方案(如果可以的话)在 PHP 中处理数据库的最佳解决方案是使用准备好的请求,甚至更好:使用像Doctrine这样的 ORM 。它将更加安全可靠。
随时随地看视频慕课网APP
相关分类
Html5