INSERT语句不起作用[关闭]
问题描述:
$p_item_details=$i->ProductItemDetail;
$in_product_details="insert into product_item_details(location_id,speial_description,special,introduction,inclusion,exclusion,additional_info,ticketing_details,commence,department_point,department_date,suppliedby,return_details,department_time,condition,hotel_list,hotel_pickup_instruction,itinerary) values('$id_tables','$p_item_details->SpecialDescription','$p_item_details->Special','$p_item_details->Introduction',' $p_item_details->Inclusions','$p_item_details->Exclusions','$p_item_details->AdditionalInfo','$p_item_details->TicketingDetails','$p_item_details->Commences','$p_item_details->DeparturePoint','$p_item_details->DepartureDate','$p_item_details->SuppliedBy','$p_item_details->ReturnDetails','$p_item_details->DepartureTime','$p_item_details->Conditions','$p_item_details->HotelList','$p_item_details->HotelPickupInstructions','$p_item_details->Itinerary')";
mysql_query($in_product_details,$con);
Statement insert not work although the connection with the server correct and select db correct I didn't find in my db the insertion
答
"condition" is a MySQL reserved word. If you have to use it as a column name wrap it in backticks (`)
EDIT
And escape any strings that you're planning on storing in the database. That allows the db to handle quotes (') in the actual string itself.
As suggested by Joop, using prepared statements avoids this problem.
The mysql extension is almost dead in the water these days (aside from millions of antiquated tutorials on the web). Consider moving to mysqli or PDO