PHP代码:PHP和MySQL不工作
<?php
// Create connection
$con=mysqli_connect("localhost","root","root","demo1");
echo "Connection was successful";
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysql_select_db("demo1",$con);
$sqli="INSERT INTO employee (Employee ID,NAME,Date Hired,Position,Salary,Department Code,Can HIRE,BOSSID)
VALUES('$_POST[EMPID]','$_POST[NAME]','$_POST[DATEHIRED]','$_POST[POSITION]','$_POST[SALARY]','$_POST[D EPTCODE]','$_POST[CANHIRE]','$_POST[BOSSID]')";
if (!mysqli_query($con,$sqli))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
HTML代码
<!DOCTYPE html>
<html>
<body>
<h1> EMPLOYEE </h1><br>
<form action="LAB5.php" method="post">
Employee ID: <input type="text" name="EMPID" ><br>
NAME: <input type="text" name="NAME" ><br>
Date Hired <input type="text" name="DATEHIRED" ><br>
Position: <input type="text" name="POSITION" ><br>
Salary: <input type="text" name="SALARY" ><br>
Department Code: <input type="text" name="DEPTCODE" ><br>
Can HIRE <input type="text" name="CANHIRE" ><br>
BOSSID: <input type="text" name="BOSSID" ><br>
<input type="image" src="Submit.gif" alt="Submit" width="100" height="50"><br>
</body>
</html>
错误信息:
连接是successfulError:你有一个错误你的SQL语法; 检查对应于你的MySQL服务器版本的权利 语法使用附近的手册“编号,姓名,聘用日期,职位,工资,部门代码,可以租用,BOSSID)VALU”在行1
表截图:http://tinypic.com/r/vni4bc/8
首先...请不要使用'mysql_ *'功能,因为它们是贬值了。请使用“PDO”或“mysqli_ *”。此外,您的代码受注入攻击。请看这个了解更多:http://www.php.net/manual/en/security.database.sql-injection.php –
已经给出的答案;想知道他们是否抓住了这一点细节,*或两个*,然后再次可能甚至*三*。我没有触及这个。 –