插入MySQL Table PHP [英] Insert into MySQL Table PHP

问题描述

我在制作一个简单的表单以将数据插入MySQL表时遇到了一些麻烦.我不断收到此SQL错误:

I am having some trouble making a simple form to insert data into a MySQL table. I keep getting this SQL error:

错误:您的SQL语法有错误；请查看手册 对应于您的MySQL服务器版本以使用正确的语法 在第1行的'stock('ItemNumber'，'Stock')VALUES('#4'，'3'')'附近

"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'stock ('ItemNumber', 'Stock') VALUES ('#4','3'')' at line 1"

我的表单的 HTML 是:

    <form action="database.php" method="post">
    Item Number: <input type="text" name="ItemNumber">
    Stock: <input type="text" name="Stock">
    <input type="submit">
    </form>

PHP 是:

    <?php
    $con=mysqli_connect("localhost","root","root","inventory");
    if (mysqli_connect_errno($con))
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      }
     $sql = "INSERT INTO current stock ('ItemNumber', 'Stock')
    VALUES
    ('$_POST[ItemNumber]','$_POST[Stock]'')";
    if (!mysqli_query($con,$sql))
      {
      die('Error: ' . mysqli_error($con));
      }
    echo "1 record added";
    mysqli_close($con);
    ?>

推荐答案

尝试一下

您不应在POST前后使用参数引号.您应该在POST中使用它们

you should not use quotes of parameter around POST . and you should use them inside POST

       $sql = "INSERT INTO `current stock` (ItemNumber, Stock)
           VALUES
         ('".$_POST['ItemNumber']."', '".$_POST['Stock']."' )";

在将变量插入到mysql之类的变量之前，应该先对其进行转义

you should escape your variables before you insert them to mysql like that

• 请注意，该示例未调用mysqli_real_escape_string.如果直接将字符串嵌入查询中，则只需要使用mysqli_real_escape_string，但是我建议您不要这样做.始终尽可能使用参数.

• Note that the example does not call mysqli_real_escape_string. You would only need to use mysqli_real_escape_string if you were embedding the string directly in the query, but I would advise you to never do this. Always use parameters whenever possible.

这篇关于插入MySQL Table PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！