0
我想要获得以下脚本将提交的数据发送到我的数据库。看来我失败了,并从mysqli_error得到一个错误告诉我,我的SQL语法是错误的。然而,我正在按照我在书中所述的语法。为什么这个mysql查询不能成功插入到我的数据库?
如果设置了Get ['save'],则表示表单已提交。我尝试在我的列名称周围添加反引号,正如其他地方在stackoverflow上所建议的,但无济于事。
下面是我得到的错误:
“您的SQL语法错误;检查对应于你的MySQL服务器版本使用附近“[(`正确的语法手册第一行“的值({$ person,$ age})'
警告:mysqli_fetch_array()期望参数1为mysqli_result,布尔值在C:\ wamp \ www \ contacthmw3中给出\ index.php on line 33
Call Stack # Time Memory Function Location 1 0.0024 148104 {main}() ..\index.php:0 2 0.0163 157640 mysqli_fetch_array () ..\index.php:33
<?php
include_once 'magicquotes.php';
include_once 'db.inc.php'; // connects, sets chars, selects db
include_once 'form.php'; // just saves form to $form
$sqlselect = 'SELECT person, age FROM people;
SELECT email, phone FROM contacts;';
if (!isset($_GET['save'])) {
echo $form;
} else {
$person = $_GET['person'];
$age = $_GET['age'];
$email = $_GET['email'];
$phone = $_GET['phone'];
$sqlsave = 'INSERT INTO people (`person`, `age`) VALUES ($person, $age);';
$savedtodb = mysqli_query($link, $sqlsave);
if (!$savedtodb)
{echo 'Failed to save to db' . mysqli_error($link);}
// send form submission to db with sanitized data
}
$contacts = mysqli_query($link, $sqlselect); //retrieve data into $contacts array
if (!$contacts) {
echo 'Failed to get contacts from db.' . mysqli_error($link);
}
while ($row = mysqli_fetch_array($contacts)) {
$showme[] = array('person' => $row['person'], 'age' => $row['age']);
foreach ($showme as $indiv => $age) {
echo $indiv . $age;
}
}
?>
<?php
if (isset($_GET['save'])):
?>
<p>Last details entered into the table:</p>
<table border="1">
<tr> <th>Person</th><th>Age</th><th>Email</th><th>Phone</th></tr>
<tr>
<td> <?php echo $_GET['person']; ?></td>
<td> <?php echo $_GET['age']; ?></td>
<td> <?php echo $_GET['email']; ?></td>
<td> <?php echo $_GET['phone']; ?></td>
</tr>
</table>
<?php
endif;
?>
这不是书中告诉你写的查询。 –
使用[绑定变量](http://us.php.net/manual/en/mysqli.quickstart.prepared-statements.php),而不是将未转义和不带引号的输入插入到查询中。 – DCoder
您没有初始化$ link – Sebas