PHP SQL - 插入表格

Question

我有一个问题亲爱的stackoverflowers，有人可以帮我吗？

这是我的代码：

<?php 
    $host = "localhost"; 
    $user = "root"; 
    $pass = "password"; 
    $db = "hotelcalifornia"; 

    $room_Number  = ($_POST['Room_Number']); 
    $room_Category = ($_POST['Room_Category']); 
    $room_Description = ($_POST['Room_Description']); 
    $room_Detail  = ($_POST['Room_Detail']); 

    $conn = mysql_connect($host, $user, $pass); 
    $db = mysql_select_db($db, $conn); 

    mysql_select_db($db, $conn); 

    $sql = "INSERT TO room (roomNumber, roomCategory, roomDescription,roomDetail) VALUES ('$room_Number','$room_Category', '$room_Description','$room_Detail')"; 

    mysql_query($sql, $conn);   

?> 

谁能告诉我为什么我不能在这个数据库中的数据插入到我的表？

Answer 1

这不是INSERT TO，它是INSERT INTO。因此，您不应该使用mysql函数，而应该使用mysqli函数，因为您的代码容易受到SQL注入的影响。

$host = "localhost"; 
$user = "root"; 
$pass = "password"; 
$db = "hotelcalifornia"; 

$conn = new mysqli($host, $user, $pass, $db); 

$room_Number  = $_POST['Room_Number']; 
$room_Category = $_POST['Room_Category']; 
$room_Description = $_POST['Room_Description']; 
$room_Detail  = $_POST['Room_Detail']; 

$sql = "INSERT INTO room (roomNumber, roomCategory, roomDescription,roomDetail) VALUES (?,?,?,?)"; 
$stmt = $conn->prepare($sql); 
$stmt->bind_param('iiss', $room_Number, $room_Category, $room_Description, $room_Detail); 
if ($stmt->execute()) { 
    if($stmt->affected_rows > 0){ 
     echo "New record created successfully"; 
    } 
} else { 
    echo "Error: " . $sql . "<br>" . $stmt->error; 
} 
$stmt->close(); 

在这几行$stmt->bind_param('iiss', $room_Number, $room_Category, $room_Description, $room_Detail);i对应于其中s由变量，我假设$room_Number和$room_Category是整数值，其中$room_Description和$room_Detail是字符串值的顺序对应于字符串中的整数。