$_POST保存mysql数据库错误 - $_POST error saving mysql database

我有这个代码，这是从电子邮件给出的链接注册用户。ID和Email被表单获取并显示，然后检查是否有用户它会在字段中显示内容，这只是一个更新。现在我要做的是CREATE，因为给用户的链接中的ID还不存在。这是Register.php

文件中的代码

<?php
    load_function('database.php');
    if(!empty($_GET['user_id']) && !empty($_GET['cbemail'])) 
    {
        $user_id = base64_decode($_GET['user_id']);
        $email = base64_decode($_GET['cbemail']);   
        $employee = get_employee($user_id,$email);
    }
        /*$first_name = $_POST['first_name'];
        $middle_name = $_POST['middle_name'];
        $last_name = $_POST['last_name'];
        $suffix = $_POST['suffix'];
        $gender = $_POST['gender'];
        $date_birth = $_POST['date_birth'];
        $cbemail = $_POST['cbemail'];
        $locality_id = $_POST['locality_id'];
        $home_phone = $_POST['home_phone'];
        $mobile_phone = $_POST['mobile_phone'];*/
?>
<div id="main-content">
    <div id="emp_registrationform">
      <form action="" method="post">
        <table width="600" border="0">
        <h1>Create Employee</h1>
          <tr>
            <td class="align-right"><label for="user_id">User</label>
            <input type="text" name="user_id" id="user_id" 
             value="<?php if(isset($user_id)){echo $user_id ; } ?>"/></td>
            </td>
          </tr>
          <tr>
            <td class="align-right"><label for="first_name">First Name</label>
              <input type="text" name="first_name" id="first_name" value='<?php echo $employee['first_name'] ?>'/></td>
            <td><label for="birth_date">Birth Date</label>
              <input type="text" name="birth_date" id="birth_date" value='<?php echo $employee['date_birth'] ?>'/></td>
          </tr>
          <tr>
            <td class="align-right"><label for="middle_name">Middle Name</label>
              <input type="text" name="middle_name" id="middle_name" value='<?php echo $employee['middle_name'] ?>'/></td>
            <td><label for="cbemail">Email</label>
              <input type="text" name="cbemail" id="cbemail" 
               value="<?php if(isset($email)){echo $email ; } ?>"/></td>
          </tr>
          <tr>
            <td class="align-right"><label for="last_name">Last Name</label>
              <input type="text" name="last_name" id="last_name" value='<?php echo $employee['last_name'] ?>'/></td>
            <td><label for="locality_id">Locality ID</label>
              <input type="text" name="locality_id" id="locality_id" value='<?php echo $employee['locality_id'] ?>'/></td>
          </tr>
          <tr>
            <td class="align-right"><label for="suffix">Suffix</label>
              <input type="text" name="suffix" id="suffix" value='<?php echo $employee['suffix'] ?>'/></td>
            <td><label for="home_phone">Phone(Home)</label>
              <input type="text" name="home_phone" id="home_phone" value='<?php echo $employee['home_phone'] ?>'/></td>
          </tr>
          <tr>
            <td class="align-right"><label for="gender">Gender</label>
              <select>
                <option selected><?php echo  $employee['gender'] ?></option>
                <option value="male">Male</option>
                <option value="female">Female</option>
              </select></td>
            <td><label for="mobile_phone">Phone(Mobile)</label>
              <input type="text" name="mobile_phone" id="mobile_phone" value='<?php echo  $employee['mobile_phone'] ?>'/></td>
          </tr>
           <td class="align-right">
              <input type="submit" id="submit-btn" value="Create Employee" />
           </td>
           <td>&nbsp;</td>
        </table>
      </form>
    </div>
  </div>

我的问题是这个数据，是不被捕获时保存在数据库上。我在数据库中的功能如下。

function add_employee($user_id, $first_name, $middle_name, $last_name, 
                      $suffix, $gender, $date_birth, $cbemail, 
                      $locality_id, $home_phone, $mobile_phone) {
    $db   =  load_db();
    $sql = "INSERT into employees (
            user_id, first_name, middle_name, last_name, 
            suffix, gender, date_birth, cbemail,
            locality_id, home_phone, mobile_phone 
            ) VALUES (
            $user_id, $first_name, $middle_name, $last_name, 
            $suffix, $gender, $date_birth, $cbemail,
            $locality_id, $home_phone, $mobile_phone
            )";
    $result = $db->query($sql);
}

是的，我需要POST，但我不知道如何在输入框的值字段中捕获"值"。

提交按钮将在这行代码中重定向。

if(isset($_POST['save_user'])){
    add_employee($_POST['user_id'], $_POST['first_name'], $_POST['middle_name'], $_POST['last_name'], 
                 $_POST['suffix'], $_POST['gender'], $_POST['date_birth'], $_POST['cbemail'], 
                 $_POST['locality_id'], $_POST['home_phone'], $_POST['mobile_phone']);

有什么想法吗?我希望你能理解这个问题。

对于要存储在Mysql数据库中的字符串，您需要使用"(引号).

对于$_POST['first_name']这样的字符串，使用'$_POST['first_name']'

Btw尝试使用参数化查询也是安全的，

SQL中的字符串值必须加引号。你是在没有引用的情况下把数据倾倒进去。这是无效的SQL。

使用参数化查询，这些查询将自动引用您的数据，并对其进行转义，以消除巨大的SQL注入安全漏洞。

用这个

function add_employee($user_id, $first_name, $middle_name, $last_name, 
                  $suffix, $gender, $date_birth, $cbemail, 
                  $locality_id, $home_phone, $mobile_phone) {
$db   =  load_db();
$sql = "INSERT into employees (
        user_id, first_name, middle_name, last_name, 
        suffix, gender, date_birth, cbemail,
        locality_id, home_phone, mobile_phone 
        ) VALUES (
        '".$user_id."', '".$first_name."', '".$middle_name."', '".$last_name."', 
        '".$suffix."', '".$gender."', '".$date_birth."', '".$cbemail."',
        '".$locality_id."', '".$home_phone."', '".$mobile_phone."'
        )";
$result = $db->query($sql);
}

什么是if(isset($_POST['save_user'])){我没有看到save_user名称的任何字段。您应该将其更改为其他一些东西，可能是if(isset($_POST['user_id'])){。此外，您还需要其他人提到的引号。