无法执行插入查询? [英] Can not execute insert query?

问题描述

您能帮我解决这个问题吗?我试图将数据插入到我的数据库中，而不是将其插入die()输出；出现

Can you help me solve this problem? im trying to insert data to my database but instead of inserting it die() output; appears

<?php
    if (isset($_GET['submit'])) {
        $item_code = mysqli_real_escape_string($conn, $_GET['item_code']);
        $item_name = mysqli_real_escape_string($conn, $_GET['item_name']);
        $supplier = mysqli_real_escape_string($conn, $_GET['supplier_name']);
        $brand = mysqli_real_escape_string($conn, $_GET['brand_name']);
        $quantity = mysqli_real_escape_string($conn, $_GET['quantity']);
        $unit = mysqli_real_escape_string($conn, $_GET['unit_name']);
        $price = mysqli_real_escape_string($conn, $_GET['price']);
        $item_type = mysqli_real_escape_string($conn, $_GET['type_name']);
        $category = mysqli_real_escape_string($conn, $_GET['cat_name']);

        if ($item_code == '' || $item_name == '' || $supplier == '' || $brand == '' ||
            $quantity == '' ||
            $unit == '' ||
            $price == '' ||
            $item_type == '' ||
            $category == ''
        ) {
            header("Location: item.php?attempt=empty");
        } else {
            $sql = mysqli_query($conn, "INSERT INTO itemlist (item_name,supplier_name,brand_name,quantity,unit_name,price,type_name,cat_name)    values('$item_name','$supplier','$brand','$quantity','$unit','$price','$item_type','$category')")

            or die("Could not execute the insert query.");
            header("Location: item.php?attempt=saved");
        }
    } 
?>

推荐答案

我只是注意到了一些事情:

I just notice things:

• 为什么使用GET方法而不是POST传递数据?
• 您可以使用 empty() 代替== ''
• 您可以尝试准备好的语句，而不是对每个提交的数据进行转义和清理
• $_GET['item_code']的目的是什么?您没有在插入内容中使用它，但是它处于if()状态.

• Why use GET method to pass data instead of POST?
• You can use empty() instead of == ''
• You can try prepared statement rather than escaping and sanitizing each submitted data
• What is the purpose of $_GET['item_code']? You did not use it in your insert, but it is in your if() condition.

假设您将表单从GET更改为POST方法:

Assuming you changed your form from GET to POST method:

if (isset($_POST['submit'])) {

    if(empty($_POST['item_code']) || empty($_POST['item_name']) || empty($_POST['supplier_name']) || empty($_POST['brand_name']) || empty($_POST['quantity']) || empty($_POST['unit_name']) || empty($_POST['price']) || empty($_POST['type_name']) || empty($_POST['cat_name'])){

        header("Location: item.php?attempt=empty");

    } else {

        $stmt = $conn->prepare("INSERT INTO itemlist (item_code, item_name, supplier_name, brand_name, quantity, unit_name, price, type_name, cat_name) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("sssssssss", $_POST['item_code'], $_POST['item_name'], $_POST['supplier_name'], $_POST['brand_name'], $_POST['quantity'], $_POST['unit_name'], $_POST['price'], $_POST['type_name'], $_POST['cat_name']);
        $stmt->execute();
        $stmt->close();

        header("Location: item.php?attempt=saved");
    }
} 

请记住，一个空数据将进入if()条件并执行header("Location: item.php?attempt=empty");.

Remember, one empty data will go inside the if() condition and execute the header("Location: item.php?attempt=empty");.

这篇关于无法执行插入查询?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！