我完全遵循w3schools.com中的代码.但是我仍然遇到上述错误,数据库表也没有更新.
我的html和php代码如下:
<form action="register.php" method="post">
<select name="title" size="1">
<option>Mr.</option>
<option>Ms.</option>
<option>Prof.</option>
<option>Dr.</option>
</select>
<label class="label">Given Name: <input name="givenname" type="text" value="Enter Your First Name" maxlength="30" /></label>
<label class="label">Surname: <input name="surname" type="text" /></label>
<label class="label">Address: <input name="address" type="text" maxlength="80" /></label>
<label class="label">Phone No: <input name="phoneno" type="text" /></label>
<label class="label">Email ID: <input name="emailid" type="text" /></label>
<label class="label">Fax: <input name="fax" type="text" /></label>
<label class="label">Pincode: <input name="pincode" type="text" /></label>
<label class="label">Country: <input name="country" type="text" /></label>
<input name="submit" type="submit" />
</form>
<?php
$con=mysqli_connect("my_Ipaddress","abcd","abcd");
//database connection
if (mysqli_connect_errno())
{
echo "Failed to connect to Database...There must be some error! We are working on it!!" . mysqli_connect_error();
}
$sql="INSERT INTO Registrations (Title, Given Name, Surname, Address, Phone No, Email ID, Fax, Pincode, Country)
VALUES ('$_POST[title]','$_POST[givenname]','$_POST[surname]','$_POST[address]','$_POST[phoneno]','$_POST[emailid]','$_POST[fax]','$_POST[pincode]','$_POST[country]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error());
}
echo "1 record added";
mysqli_close($con);
?>
问题是你的一些字段中间包含空格.为了避免语法错误,这些字段必须用反引号换行,
INSERT INTO Registrations
(Title, `Given Name`, Surname, Address,
`Phone No`, `Email ID`, Fax, Pincode, Country)
VALUES(...)
作为一个旁注,查询是脆弱的SQL Injection,如果值(小号变量)从外面走了进来.请查看下面的文章,了解如何防止它.通过使用,PreparedStatements您可以摆脱使用值周围的单引号.
| 归档时间: |
|
| 查看次数: |
10991 次 |
| 最近记录: |