1. 首页
  2. 问答
  3. 为什么我想出一个语法错误?

为什么我想出一个语法错误?

2017-06-11 50 views
-1

我想通过一个HTML页面的职员添加到我的数据库,但它一直想出这个错误为什么我想出一个语法错误?

Query error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '', 'password4')' at line 1

这里是我的HTML代码

<form method="post" action="add_staff.php"> 
 
     
 
     <p>Staff Identification Number (SID):</p><input type="text" name="sid" required><br> 
 
     
 
     <p>First Name:</p><input type="text" name="sfirstname" required><br> 
 
     
 
     <p>Last Name:</p><input type="text" name="slastname" required><br> 
 
     
 
     <p>Phone:</p><input type="tel" name="phone" required><br> 
 
     
 
\t \t <p>Email:</p><input type="email" name="semail"><br> 
 
     
 
     <p>User Priveledge Number:</p><input type="text" name="privledgeno" required><br> 
 
     
 
     <p>Username:</p><input type="text" name="username"><br> 
 
     
 
     <p>Password:</p><input type="text" name="password"><br> 
 
     
 
     <br><br> 
 
     
 
     <input id ="input_submit" type="submit" value="Submit"> 
 
     <input id ="input_reset" type="reset"> 
 
    </form> 
 


And this is my php code 
<?php 
// MySQL Database Connect 
require_once("connection.php"); 

// Read the values from the form 
$SID =$_POST['sid']; 
$S_Firstname = $_POST['sfirstname']; 
$S_Lastname = $_POST['slastname']; 
$S_Phone = $_POST['phone']; 
$S_Email = $_POST['semail']; 
$User_privledge_no = $_POST['privledgeno']; 
$S_Username = $_POST['username']; 
$S_Password = $_POST['password']; 

// escape variables for security 
$S_Firstname = mysqli_real_escape_string($conn, $S_Firstname); 
$S_Lastname = mysqli_real_escape_string($conn, $S_Lastname); 
$S_Phone = mysqli_real_escape_string($conn, $S_Phone); 
$S_Email = mysqli_real_escape_string($conn, $S_Email); 
$User_privledge_no = mysqli_real_escape_string($conn,$User_privledge_no); 
$S_Username = mysqli_real_escape_string($conn, $S_Username); 
$S_Password = mysqli_real_escape_string($conn, $S_Password); 

// create the INSERT query 
$query="INSERT INTO staff (SID, S_Firstname, S_Lastname, S_Phone, S_Email, User_privledge_no, S_Username, S_Password) VALUES  ('$SID','$S_Firstname', '$S_Lastname','$S_Phone', '$S_Email', '$User_privledge_no', $S_Username', '$S_Password')"; 
$results = mysqli_query($conn, $query); 
if(!$results) { 
echo ("Query error: " . mysqli_error($conn)); 
exit; 
} 
else { 
// Redirect the browser window back to the add customer page 
header("location: ../add_cust.html"); 
} 
?>

谢谢

来源

2017-06-11 Taylor

+0

请参阅有关parametrised查询 – Strawberry

回答

1

因为您在$S_Username之前忘了单引号。更改$query

$query="INSERT INTO staff (SID, S_Firstname, S_Lastname, S_Phone, S_Email, 
User_privledge_no, S_Username, S_Password) VALUES  ('$SID','$S_Firstname', 
'$S_Lastname','$S_Phone', '$S_Email', '$User_privledge_no', '$S_Username', 
'$S_Password')";

来源

2017-06-11 06:55:09

+0

哦,我的天哪太感谢你了,我一直在这个整天和无法弄清楚,为什么它不工作。我知道这很简单。再次感谢! – Taylor

1

有时我们忘记任何语法和某个时候花太多时间来解决这个问题。有时我们应该使用一些技巧来防止这种错误,这里我用来防止。

$array = [ 
      "SID" => $SID, 
      "S_Firstname" => $S_Firstname, 
      "S_Lastname" => $S_Lastname, 
      "S_Phone" => $S_Phone, 
      "S_Email" => $S_Email, 
      "User_privledge_no" => $User_privledge_no, 
      "S_Username" => $S_Username, 
      "S_Password" => $S_Password, 
     ]; 

$colums = implode('`, `', array_keys($array)); // columns 
$data = implode("', '", $array); // data 
$sql "INSERT INTO staff (`".$colums."`) VALUES ('".$data."')"; // you can do inline code too

来源

2017-06-11 07:20:44

相关问题

 相关问题