我得到这个错误//错误
ERRORNSERT INTO new_comp_reg(phno,全名,地址,dept,desc)VALUES('','',''、'','')您的SQL语法有错误;查看与MariaDB服务器版本对应的手册,了解在第1行的"desc)VALUES(",",",")"附近使用的正确语法
PHP
<?php
$servername = 'mysql.hostinger.in';
$username = '';
$password = '';
$dbname = 'u424351292_icrcm';
if(isset($_POST['submit']))
{
$phone_no = $_POST['phno'];
$full_name = $_POST['fullname'];
$location = $_POST['address'];
$department = $_POST['dept'];
$description = $_POST['desc'];
}
$conn = new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error)
{
die("Connection Failed" . $conn->connect_error);
}
$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";
if($conn->query($sql) === TRUE)
{
echo "Complaint Registered";
}
else
{
echo "ERROR".$sql."<br>".$conn->error;
}
$conn->close();
?>
//错误
ERRORNSERT INTO new_comp_reg(phno,全名,地址,dept,desc)VALUES('','',''、'','')您的SQL语法有错误;查看与MariaDB服务器版本对应的手册,了解在第1行的"desc)VALUES(",",",")"附近使用的正确语法
desc
是MySQL中的保留关键字,需要通过backticks进行转义。
INSERT INTO new_comp_reg (..., `desc`) VALUES (...)
或者将列名更改为description
。
顺便说一句,你没有转义你的用户输入,这可能会导致语法错误和SQL注入。使用准备好的报表。
if(isset($_POST['submit']))
{
$phone_no = $_POST['phno'];
$full_name = $_POST['fullname'];
$location = $_POST['address'];
$department = $_POST['dept'];
$description = $_POST['desc'];
}
$conn = new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error)
{
die("Connection Failed" . $conn->connect_error);
}
$sql = "INSERT INTO new_comp_reg VALUES ('$phone_no' , '$full_name' , '$location' , '$department' , '$description')";
if($conn->query($sql) === TRUE)
{
echo "Complaint Registered";`enter code here`
}
else
{
echo "ERROR".$sql."<br>".$conn->error;
}
$conn->close();
?>
我会说这是
$sql = "INSERT INTO new_comp_reg (phno , fullname , address , dept , desc) VALUES ('".mysql_real_escape_string($phone_no)."' , '".mysql_real_escape_string($full_name)"' , '".mysql_real_escape_string($location)"' , '".mysql_real_escape_string($department)"' , '".mysql_real_escape_string($description)"')";
这实际上会改善你的保护。还要检查你的列名,因为上面可能是你引用错了一个。