我试图插入数据库某种形式发布数据,但它显示了错误:PHP表单数据插入在MySQL
Error: INSERT INTO user_data (name, age, gender,happy,sad,angry) VALUES (Sourav,23,male,3.5,2.75,1.5)
Unknown column 'Sourav' in 'field list'
我使用的查询:
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES (" . $name . "," . $age . "," . $gender . "," . $happyness . "," . $sadness . "," . $angryness . ")";
你有将字符串值放在引号内。如下更新代码。
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('" . $name . "','" . $age . "','" . $gender . "','" . $happyness . "','" . $sadness . "','" . $angryness . "')";
此外,您的代码是不安全的。插入表单数据时使用转义字符串。
使用''像'Sourav'
INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('Sourav','23','male','3.5','2.75','1.5')
或类似的
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('$name','$age','$gender','$happyness','$sadness','$angryness')";
试试这个..,
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('" . $name . "','" . $age . "','" . $gender . "','" . $happyness . "','" . $sadness . "','" . $angryness . "')";
希望这有助于..
更改您的查询:
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('$name','$age','$gender','$happyness','$sadness','$angryness')";
你真的应该看看和mysqli或pdo扩展 - 或者至少是使用某种类型的引用您的参数,像mysql_real_escape_string。直接将用户输入传递给数据库查询可以很容易地用于mysql注入。
使用PDO你可以写你这样的代码:
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$name = 'BOB';
$password = 'badpass';
$stmt = $db->prepare("INSERT INTO table(`hexvalue`, `password`) VALUES(HEX(?), PASSWORD(?))");
$stmt->execute(array($name, $password));
永远不要直接将用户输入到数据库中查询。至少使用某种参数转义或mysqli/pdo来避免mysql注入。 – Sven