PHP MySQL语法,用于插入日期,时间 [英] PHP MySQL syntax for inserting date,time
问题描述
我正在尝试使用php脚本插入日期,时间字段,但出现语法错误.有人可以告诉我,我在哪里做错. 谢谢大家
I am trying to insert to date,time fields using a php script but I am getting a syntax error. Can someone please tell me, where I am doing the mistake. Thanks fellows
将日历插入日历(事件,自,至,日) 价值 ('.$ _ REQUEST ['event']."', '.$ _ REQUEST ['from_time']."', '.$ _ REQUEST ['to_time']."',, '.$ _ REQUEST ['date_event']."')
INSERT INTO calendar(event,from,to,day) VALUES ('".$_REQUEST['event']."', '".$_REQUEST['from_time']."', '".$_REQUEST['to_time']."', '".$_REQUEST['date_event']."')
推荐答案
切勿在不清理数据的情况下将字符串数据插入sql语句中,否则最终会导致sql注入(有意或无意注入),请参见
Never insert string data into your sql statement without sanitizing the data or you end up with sql injections (intentional or unintentional injections), see http://php.net/mysql_real_escape_string
If you do not have a debugger installed, let php print the sql statement so you can inspect it.
格式化和缩进您的sql查询.通过这种方式,它们更容易阅读和调试.
Format and indent your sql queries. They are much easier to read and debug that way.
始终检查mysql_query()的返回值.如果为FALSE,则查询失败,并且 mysql_errno()或
Always check the return value of mysql_query(). If it's FALSE the query failed and mysql_errno() or mysql_error() can tell you more about the cause of the error.
如果您要使用的标识符也是 MySQL的保留字,您几乎总是必须将其放在反引号(`)或double_quotes(在ansi模式下)中.
If you want to use an identifier that is also a reserved word for MySQL you almost always must put it in backticks (`) or double_quotes (in ansi mode).
http://dev.mysql.com/doc/refman/5.0/en/date-and-time-types.html
使用_REQUEST进行INSERT操作可能会令人怀疑...但是我将其留给其他人来回答;-)
Using _REQUEST for INSERT operations may be questionable ...but I leave that to others to answer ;-)
<?php
$mysql = mysql_connect...
$query = " INSERT INTO `calendar` (`event`, `from`, `to`, `day`) VALUES ( '" . mysql_real_escape_string($_REQUEST['event'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['from_time'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['to_time'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['date_event'], $mysql]) ."' ) "; echo '<pre>$query=', htmlspecialchars($query), '</pre>'; $result = mysql_query($query, $mysql); if ( !$result ) { echo 'error: ', mysql_error($mysql); }
$query = " INSERT INTO `calendar` (`event`, `from`, `to`, `day`) VALUES ( '" . mysql_real_escape_string($_REQUEST['event'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['from_time'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['to_time'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['date_event'], $mysql]) ."' ) "; echo '<pre>$query=', htmlspecialchars($query), '</pre>'; $result = mysql_query($query, $mysql); if ( !$result ) { echo 'error: ', mysql_error($mysql); }
和顺便说一句:改用准备的语句.
这篇关于PHP MySQL语法,用于插入日期,时间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!