使用php将数据插入mysql数据库[关闭]
问题描述:
<?php
$cxn = mysql_connect("localhost","root","") or die("failed to connect to mysql:" . mysql_error());
$barcode = $_POST['barcode'];
$manufacturer = $_POST['manufacturer'];
$product_name = $_POST['product_name'];
$category = $_POST['category'];
$model_no = $_POST['model_no'];
$price = $_POST['price'];
$color = $_POST['color'];
$image_path = $_POST['image_path'];
$others = $_POST['others'];
mysql_select_db("estinno",$cxn);
$sql="INSERT INTO details (barcode, manufacturer, product_name, category, model_no, price, color, image_path, others) VALUES ('$barcode', '$manufacturer', '$product_name', '$category', '$model_no', '$price', '$color', '$image_path', '$others')";
echo "Barcode details Successfully Added";
?>
I have seen all such related question, but none of them working here.
答
You have forgotton to run your SQL. Add:
$insert = mysql_query($sql);
if($insert){
echo "Barcode details Successfully Added";
} else {
echo mysql_error();
}
..and please update your code to use mysqli_* or PDO. mysql_* functions are being deprecated.
答
To make sure that your query parameters are escaped correctly, you can use prepared statements. Together with mysqli a solution can look like this:
<?php
$cxn = mysqli_connect("localhost","root","","estinno") or die("failed to connect to mysql:" . mysqli_error($con));
$barcode = $_POST['barcode'];
$manufacturer = $_POST['manufacturer'];
$product_name = $_POST['product_name'];
$category = $_POST['category'];
$model_no = $_POST['model_no'];
$price = $_POST['price'];
$color = $_POST['color'];
$image_path = $_POST['image_path'];
$others = $_POST['others'];
$stmt = $cxn->prepare('INSERT INTO details (barcode, manufacturer, product_name, category, model_no, price, color, image_path, others) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
$stmt->bind_param('sssssssss', $barcode, $manufacturer, $product_name, $category, $model_no, $price, $color, $image_path, $others);
$stmt->execute();
$stmt->close();
echo "Barcode details Successfully Added";