php - Incorrect SQL syntax
I am trying to insert form data into one of the tables in my database. The data to be inserted are name, email, current date and the user's interests. Here is the code.
if (isset($_POST['name'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$intrests = $_POST['intrests'];
$default_intrests = array("mob","pcs","scm","oth");
$interests = "";
if (count($intrests) == 0) {
$interests = implode(",", $default_intrests);
}
else {
$interests = implode(",", $intrests);
}
$sqll="insert into subscriptions (name,email,subdate,intrests) values ($name,$email,CURRENT_DATE, $interests)";
$insert = mysqli_query($link, $sqll);
if (!$insert) {
echo mysqli_error($link);
}
}
On form submit, the following error is displayed:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'dsa,asdf@qwer.com,CURRENT_DATE, mob)' at line 1
Add ' to the values, since some of them are strings
$sqll="insert into subscriptions (name,email,subdate,intrests)
values ('$name','$email',CURRENT_DATE, '$interests')";
In fact, it's a bad idea to write parameters into your SQL directly; you had better use prepared statements to do it and avoid SQL injection.
mysql_query("insert into table values('data1', 'data2' )");
// User Entered fields
// *** This is dangerous, it is subject to sql injection,
$query = "insert into subscriptions(name,email,subdate,intrests)
values ('$name','$email',CURRENT_DATE, '$interests')";
$result = mysqli_query( $link, $query);
// *** Error checking, what if !$result? eg query is broken
$row = mysqli_fetch_array($result);
if(!$row){
echo "No Row inserted";
}
else {
echo "OK";
}
If any PHP variable is going to be used, you should never use mysqli_query(), but always stick to prepared statements, like this:
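$stmt = $mysqli->prepare("insert into subscriptions (name,email,subdate,intrests)
values (?,?,CURRENT_DATE, ?)");
// One bound variable per placeholder, in the same order as the ? marks
$stmt->bind_param('sss', $name, $email, $interests);
// An INSERT returns no result set, so check execute() instead of fetching rows
if (!$stmt->execute()) {
echo $stmt->error;
}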
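The whole form handler rewritten around a prepared statement, as an added example that is not code from the question or from any of the answers. The function names and the `ALLOWED_INTERESTS` constant are assumptions made for illustration; the table name, column names and default interest codes are the ones in the question.

```php
<?php
// Added example. Make mysqli throw exceptions instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical constant: the interest codes taken from the question's defaults.
const ALLOWED_INTERESTS = ['mob', 'pcs', 'scm', 'oth'];

// Validate the posted fields and return [name, email, interests CSV].
function normalize_subscription(array $post): array
{
    $name  = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($name === '' || $email === false) {
        throw new InvalidArgumentException('name and a valid email are required');
    }
    // A checkbox group arrives as an array, or not at all when nothing is ticked.
    $picked = $post['intrests'] ?? [];
    $picked = is_array($picked) ? array_filter($picked, 'is_string') : [];
    // Keep only known codes so the stored CSV cannot carry arbitrary text.
    $picked = array_values(array_intersect(ALLOWED_INTERESTS, $picked));
    if (count($picked) === 0) {
        $picked = ALLOWED_INTERESTS; // same fallback as the question's code
    }
    return [$name, $email, implode(',', $picked)];
}

// Insert one subscription row using bound parameters.
function insert_subscription(mysqli $link, array $post): void
{
    [$name, $email, $interests] = normalize_subscription($post);
    // The values travel separately from the SQL text, so quotes, commas or
    // an '@' inside them can never change the statement's syntax.
    $stmt = $link->prepare(
        'INSERT INTO subscriptions (name, email, subdate, intrests)
         VALUES (?, ?, CURRENT_DATE, ?)'
    );
    $stmt->bind_param('sss', $name, $email, $interests);
    $stmt->execute();
    $stmt->close();
}

// Usage, with $link being the mysqli connection from the question:
// if (isset($_POST['name'])) { insert_subscription($link, $_POST); }
```

Because `CURRENT_DATE` is an SQL keyword rather than user data, it stays in the statement text and needs no placeholder.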
Try storing current date into variable
something like this
if (isset($_POST['name'])) {
$name=$_POST['name'];
$email=$_POST['email'];
$intrests=$_POST['intrests'];
$CURRENT_DATE = date("Y-m-d");
$default_intrests=array("mob","pcs","scm","oth");
$interests="";
if(count($intrests)==0){
$interests= implode(",", $default_intrests);
}else{
$interests= implode(",", $intrests);
}
$sqll="insert into subscriptions (name,email,subdate,intrests) values ('$name','$email','$CURRENT_DATE', '$interests')";
$insert= mysqli_query($link, $sqll);
if (!$insert) {
echo mysqli_error($link);
}
}