两个查询:
$reg_insert_basic_query = <<<SQL
INSERT INTO `Members` (username, password, email, api_key)
VALUES ('$nuser', '$hash', '$nemail', '$napik');
$gw2name = "name.3245";
$gw2_world_id = $epa_array[0]['world'];
$gw2_world_name = "'".$epw_array[0]['name']."'";
$gw2name = mysqli_real_escape_string($mysqli, $gw2name);
$reg_insert_basic_query = <<<SQL
INSERT INTO Members (gw2_name, WorldID, Worldname)
VALUES ($gw2name, $gw2_world_id, $gw2_world_name)
SQL;
if(!$result = $mysqli->query($reg_insert_basic_query)){
die('<br />There was an SQL error![' . $mysqli->error . ']');
}
我认为在$gw2_name周围使用单引号或双引号都可以,但什么都不起作用。我不知道如何净化"name.3245"中的句号,使其发挥作用。
$reg_insert_basic_query = <<<SQL
UPDATE `Members`
SET gw2_name = '$gw2name', WorldID = '$gw2_world_id', Worldname = '$gw2_world_name'
WHERE ID = '$u_id'
SQL;
在不创建新行的情况下修复该问题。