1. 首页
  2. 问答
  3. 插入formfields到SQL - 错误

插入formfields到SQL - 错误

2015-12-30 65 views
0

嗨,所以我有一个表单有10个字段,我试图通过发布他们在PHP页面上插入他们的SQL数据库。连接启动正常,但它返回的错误如下:插入formfields到SQL - 错误

Error: INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES (, , , , , , , , ,) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , , ,)' at line 1

include_once 'connect.php'; 
// Create connection 
$conn = new mysqli(HOST, USER, PASSWORD, DATABASE); 
// Check connection 
if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
} 

$name = $_POST['name']; 
$teacher = $_POST['teacher']; 
$description = $_POST['description']; 
$class = $_POST['class']; 
$dayone = $_POST['dayone']; 
$daytwo = $_POST['daytwo']; 
$daythree = $_POST['daythree']; 
$std1 = $_POST['std1']; 
$std2 = $_POST['std2']; 
$std3 = $_POST['std3']; 

$sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ($name, $teacher, $description, $class, $dayone, $daytwo, $daythree, $std1, $std2, $std3)"; 

if ($conn->query($sql) === TRUE) { 
    echo "New record created successfully"; 
} else { 
    echo "Error: " . $sql . "<br>" . $conn->error; 
} 

$conn->close();

我还要提到的是,数据库表有一个多场名为ID类型为int(11),这是AUTO_INCREMENT,我希望它是自动每次插入新行时都会填充。我错了吗?

编辑:添加HTML代码,因为它已被要求

<form name="registration_form" method="post" class="clearfix" action="create.php"> 
    <div class="form-group"> 
     <label for="name">NAME</label> 
     <input type="text" class="form-control" id="name" placeholder="Course Name"> 
    </div> 
    <div class="form-group"> 
     <label for="teacher">Teacher</label> 
     <input type="text" class="form-control" id="teacher" placeholder="Teacher's Name"> 
    </div> 
    <div class="form-group"> 
     <label for="description">Description</label> 
     <textarea class="form-control" id="description" placeholder="Description"></textarea> 
    </div> 
    <div class="form-group"> 
     <label for="class">Class</label> 
     <input type="text" class="form-control" id="class" placeholder="Class Name"> 
    </div> 
    <div class="form-group"> 
     <label for="dayone">Day one</label> 
     <input type="text" class="form-control" id="dayone" placeholder="Day One"> 
    </div> 
    <div class="form-group"> 
     <label for="daytwo">Day two</label> 
     <input type="text" class="form-control" id="daytwo" placeholder="Day Two"> 
    </div> 
    <div class="form-group"> 
     <label for="daythree">Day three</label> 
     <input type="text" class="form-control" id="daythree" placeholder="Day Three"> 
    </div> 
    <div class="form-group"> 
     <label for="std1">std1</label> 
     <input type="text" class="form-control" id="std1" placeholder="std1"> 
    </div> 
    <div class="form-group"> 
     <label for="std2">std2</label> 
     <input type="text" class="form-control" id="std2" placeholder="std2"> 
    </div> 
    <div class="form-group"> 
     <label for="std1">std3</label> 
     <input type="text" class="form-control" id="std3" placeholder="std3"> 
    </div> 
    <div class="checkbox"> 
     <label> 
      <input type="checkbox">I Understand <a href="#">Terms & Conditions</a> 
     </label> 
    </div> 
    <button type="submit" class="btn pull-right">Create Course</button> 
</form>

来源

2015-12-30 George Chareas

+0

你确定你的字段不是空的吗?什么是'var_dump($ _ POST);'?此外,这是非常糟糕的,你应该看看[我怎样才能防止SQL注入在PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection- in-php?rq = 1) – FirstOne

+0

@FirstOne是兄弟 - “MySQL返回了一个空结果集(即零行)(查询花了0.0001秒)”那是什么“SELECT * FROM'courses'”返回 –

+0

你是对的,id字段不需要处理,因为它会自动增加。为了进一步提供帮助,我们需要了解如何设置HTML表单以查看问题的出处 – bhooks

回答

0

这应该可以帮助您确定问题是否未收到POST变量。

还有一点安全性。

// create an array of all possible input values 
$input_array = array('name', 'teacher', 'description', 'class', 'dayone', 'daytwo', 'daythree', 'std1', 'std2', 'std3'); 

// create an input array to put any received data into for input to the database 
$input_array = array(); 

include_once 'connect.php'; 
    // Create connection 
    $conn = new mysqli(HOST, USER, PASSWORD, DATABASE); 
    // Check connection 
    if ($conn->connect_error) { 
     die("Connection failed: " . $conn->connect_error); 
    } 


    // loop through the possible input values to check that a post variable has been received for each.. if received escape the data ready for input to the database 
    foreach($input_array as $key => $value) 
    { 
    if(!isset($_POST[$value])) { 
    die("no {$value} post variables received"); 
    } 
    $input_array[$value] = mysqli_real_escape_string($conn, $_POST[$value]); 
    } 


    $sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('{$input_array['name']}', '{$input_array['teacher']}', '{$input_array['description']}', '{$input_array['class']}', '{$input_array['dayone']}', '{$input_array['daytwo']}', '{$input_array['daythree']}', '{$input_array['std1']}', '{$input_array['std2']}', '{$input_array['std3']}')"; 

    if ($conn->query($sql) === TRUE) { 
     echo "New record created successfully"; 
    } else { 
     echo "Error: " . $sql . "<br>" . $conn->error; 
    } 

    $conn->close();

来源

2015-12-30 16:17:04

-1

尝试:

$sql = "INSERT INTO courses (name, teacher, description, class, DAYONE, DAYTWO, DAYTHREE, STD1, STD2, STD3) VALUES ('".$name."', '".$teacher."', '".$description."', '".$class."', '".$dayone."', '".$daytwo."', '".$daythree."', '".$std1."', '".$std2."', '".$std3."')";

此外,使用:

$name = $conn->real_escape_string($_POST['name']); 
//etc

同时添加名称到您的窗体字段:

<input name="class" type="text" class="form-control" id="class" placeholder="Class Name">

来源

2015-12-30 16:04:30 NOJ75

+0

谢谢 - 成功的消息已经返回,真的谢谢你,请问我可以向我解释,因为我是新手为什么要使用''。之前和之后的值? –

+0

非常欢迎。我不是专业人士,但我认为这是因为变量需要变成字符串。就像我说的,我不是专业人士,但我过去曾经遇到过这个问题,但是通过试验和错误计算出来:) – NOJ75

+0

太棒了:)非常感谢你! –

相关问题

 相关问题