我正在尝试插入一行到表中。好了,页面添加了行,但是当它这样做时,出现了一个MySQL错误,像这样:
这是我的PHP代码:Error: SQL语法错误;查看手册对应于MySQL服务器版本,以便使用正确的语法在第1行'1'附近
<?php
$lang = "english";
header('Content-Type: text/html; charset=UTF-8');
require '../security.php';
$con=mysqli_connect($sec[0],$sec[1],$sec[2],$lang);
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if (!$con->set_charset("utf8")) {
} else {
}
$result = mysqli_query($con,"INSERT INTO `ta_exp` (`date`, `cargo`, `DP`, `LP`, `url`)
VALUES ('".mysqli_real_escape_string($con,$_GET['date_exp'])."','".mysqli_real_escape_string($con,$_GET['cargo_exp'])."','".mysqli_real_escape_string($con,$_GET['lp_exp'])."','".mysqli_real_escape_string($con,$_GET['dp_exp'])."','".mysqli_real_escape_string($con,$_GET['url'])."')");
if (!mysqli_query($con,$result)) {
die('Error: ' . mysqli_error($con));
}
echo "added";
mysqli_close($con);
?>
mysqli_prepare是要走的路:
$query = "INSERT INTO `ta_exp` (`date`, `cargo`, `DP`, `LP`, `url`)
VALUES (?, ?, ?, ?, ?)";
if ($stmt = mysqli_prepare($con, $query)) {
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "sssss", $_GET['date_exp'],
$_GET['cargo_exp'],
$_GET['lp_exp'],
$_GET['dp_exp'],
$_GET['url']);
/* execute query */
mysqli_stmt_execute($stmt);
}
最后我的代码是这样的:
$con = new mysqli($sec[0],$sec[1],$sec[2],$lang);
if ($con->connect_error) {
trigger_error('Database connection failed: ' . $con->connect_error, E_USER_ERROR);
}
if (!$con->set_charset("utf8")) {
} else {
}
$sql = "INSERT INTO experiences (`date`, `cargo`, `DP`, `LP`, `url`)
VALUES ('".mysqli_real_escape_string($con,$_GET['date_exp'])."','".mysqli_real_escape_string($con,$_GET['cargo_exp'])."','".mysqli_real_escape_string($con,$_GET['lp_exp'])."','".mysqli_real_escape_string($con,$_GET['dp_exp'])."','".mysqli_real_escape_string($con,$_GET['url'])."')";
if($con->query($sql) === false)
{
trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $con->error, E_USER_ERROR);
} else {
$last = $con->insert_id;
$aff = $con->affected_rows;
}
$con->close();