use*_*660 0 html php mysql forms
我试图在数据库表中发布3个不同的信息,但是我得到了一个错误 Column count doesn't match value count at row 1
这是我的数据库表结构:
interestID int(11) auto_increment
name varchar(100)
categoryID int(11)
interest_desc varchar(30)
date timestamp
表格:
<form id="form_design" method="post" action="interesting.php">
<fieldset id="input_1">
<input type="text" id="username" value="name?" />
</fieldset>
<fieldset id="input_2">
<input type="text" id="interest" value="your interest?" />
</fieldset>
<fieldset id="input_3>
<select id="cats">
<option value="">--</option>
<?php
$sql = "SELECT categoryID, category_desc FROM categories "."ORDER BY category_desc"; $rs = mysql_query($sql);
while($row = mysql_fetch_array($rs))
{
echo "<option value=\"".$row['categoryID']."\">".$row['category_desc']."</option>\n "; }
?>
</select>
</fieldset>
<input type="submit" name="submit" value="Submit" />
</form>
将其插入表中的php检索列计数与第1行的值计数不匹配
PHP -
$interest_user = $_POST['username'];
$interest_name = $_POST['interest'];
$interest_cats = $_POST['cats'];
mysql_query("INSERT INTO interests ( interestID, name, categoryID
, interest_desc, date )
VALUES( "",'$interest_user' '$interest_cats'
, '$interest_name', "" ) ")
or die(mysql_error());
缺少逗号之间的逗号 '$interest_user' '$interest_cats'
应该
'$interest_user', '$interest_cats'
更多问题: -
mysql_query("INSERT INTO interests
(interestID,name,categoryID,interest_desc,date) VALUES( "",'$interest_user'
'$interest_cats', '$interest_name',"" ) ")
您确定没有收到语法错误吗?
应该 :-
mysql_query("INSERT INTO interests
(interestID,name,categoryID,interest_desc,date) VALUES( '','$interest_user'
'$interest_cats', '$interest_name','' ) ")
基本问题已解决,
您的插入方式易受SQL注入攻击
以下是您必须阅读的列表: - https://stackoverflow.com/search?q=sql+injection