我得到以下错误信息:
解析错误:syntax error, unexpected " .$E_phone_No. " " (T_CONSTANT_ENCAPSED_STRING) in E:'Xamp'htdocs'CreateEmployee.php on line 28
错误是什么,我遇到一个问题,我找不到错误。
<?php
$conn=oci_connect("system","123","localhost/orcl");
ob_start();
$current_file=$_SERVER['SCRIPT_NAME'];
$massage= "";
if(isset($_POST['E_First_Name'])&&
isset($_POST['E_Last_Name'])&&isset($_POST['E_Gender'])&&
isset($_POST['E_address'])&&isset($_POST['E_phone_No'])&&
isset($_POST['E_category'])&&isset($_POST['EMP_salary'])&&
isset($_POST['work_hour'])&&isset($_POST['Date_Of_Join']) )
{
$E_First_Name= $_POST['E_First_Name'];
$E_Last_Name = $_POST['E_Last_Name'];
$E_Gender = $_POST['E_Gender'];
$E_address = $_POST['E_address'];
$E_phone_No = $_POST['E_phone_No'];
$E_category = $_POST['E_category'];
$EMP_salary = $_POST['EMP_salary'];
$work_hour =$_POST['work_hour'];
$Date_Of_Join=$_POST['Date_Of_Join'];
if(!empty($E_First_Name)&&!empty($E_Last_Name)&&
!empty($E_Gender)&&!empty($E_address)&&!empty($E_phone_No)&&
!empty($E_category)&&!empty($EMP_salary)&&!empty( $work_hour)&&!empty($Date_Of_Join))
{
$sql = "insert into Employee (E_First_Name,E_Last_Name,user_name,password,E_Gender,E_address,E_phone_No,E_category,EMP_salary,work_hour,Date_Of_Join) values('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."',"'.$E_phone_No."','".$E_category .'",'".$EMP_salary.'",'". $work_hour.'","'.$Date_Of_Join.'")";
$stid = oci_parse($conn,$sql);
$r = @oci_execute($stid);
if($r)
{
echo ' data is inserted...<br>';
}
else
{
echo 'data was not inserted...<br>';
}
}
else
{
$massage = "please fill up all the form correctly<br>";
}
}
?>
<html>
<head>
<title>Create FoodItem Table</title>
<style>
body
{
background:orange;
}
</style>
<head>
<body>
fill all the forms for inserting data:<br><br>
<?php echo $massage;?>
<hr color="green">
<form action="<?php echo $current_file;?>" method="POST">
E_First_Name:<br> <input type="text" name ="E_First_Name" ><br><br>
E_Last_Name:<br> <input type="text" name="E_Last_Name" ><br><br>
E_Gender:<br> <input type="text" name="E_Gender" ><br><br>
E_address:<br> <input type="text" name ="E_address"><br><br>
E_phone_No:<br> <input type= "text" name="E_phone_No" ><br><br>
E_category:<br><input type="text" name="E_category"><br><br>
EMP_salary:<br><input type="text" name="EMP_salary" ><br><br>
work_hour:<br><input type="text"name="work_hour"><br><br>
Date_Of_Join:<br><input type="text"name="Date_Of_Join"><br><br>
<input type ="submit" value="Create employee "><br><br>
<a href="EmployeeTableshow.php">Show Employee Table</a>
</form>
</body>
这个错误是由VALUES中以下四个变量的引号不匹配引起的:
$E_phone_No $E_category $work_hour $Date_Of_Join
"'.$E_phone_No."','".$E_category .'"
修改为:
'".$E_phone_No."','".$E_category ."'
以及:
'". $work_hour.'","'.$Date_Of_Join.'"
修改为:
'". $work_hour."','".$Date_Of_Join."'
值重写:
('".$E_First_Name."','".$E_Last_Name."',NULL,NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','".$work_hour."','".$Date_Of_Join."')
你可能还想在"text"和"name=...之间添加空格(为了清晰):
<input type="text"name="Date_Of_Join">
:
<input type="text" name="Date_Of_Join">
它已经在注释中解决了,你的代码很容易受到SQL注入。
语法高亮显示您的错误。你有引号问题:
$EMP_salary.'",'". $work_hour.'","'.$Date_Of_Join.'")";
^^^^^^
HERE
改为:
$EMP_salary.'","'. $work_hour.'","'.$Date_Of_Join.'")";
您的查询和变量的连接错误,在查询中插入字符串的正确方法是
'".$variable."'
将结束单引号放在双引号之前,而应该相反。所以改变这部分
NULL,'".$E_Gender."','".$E_address."','".$E_phone_No."','".$E_category ."','".$EMP_salary."','". $work_hour."','".$Date_Of_Join."')";