错误:INSERT INTO杂货店("GrocerID"、"GrocerName"、"Address","LogoImage")值("GID0072","BigBazaar","India,Andhra Pradesh,522124','WIN_20150817_121614.JPG')您的SQL中有错误句法;查看与MySQL服务器版本相对应的手册有关在"GrocerID"、"GrocerName"、"Address"附近使用的正确语法,"LogoImage")值(第1行的"GID0072"、"BigBazaar"
<?php
$servername = "localhost";
$username = "root";
$password = "secret";
$dbname = "task";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
$GrocerID=$_POST['GrocerID'];
$GrocerName=$_POST['GrocerName'] ;
$Address=$_POST['Address'];
$LogoImage=$_POST['LogoImage'] ;
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO grocery ('GrocerID', 'GrocerName', 'Address', 'LogoImage')
VALUES ('$GrocerID', '$GrocerName','$Address','$LogoImage')";
if ($conn->query($sql) === TRUE) {
header('Location:task.html');
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
数据库图像
有人能告诉我我在这里犯了什么错误吗??
我用过数据库名称:任务,餐桌名称:杂货店但是我不明白我在哪里做错了。
感谢
不使用backticks
``在''
中写入列
INSERT INTO grocery
(GrocerID, GrocerName, Address, LogoImage)
VALUES ('GID0072', 'BigBazaar','India, Andhra Pradesh, 522124','WIN_20150817_121614.JPG')
删除'
INSERT INTO grocery
(GrocerID, GrocerName, Address, LogoImage)
VALUES ('GID0072', 'BigBazaar','India, Andhra Pradesh, 522124','WIN_20150817_121614.JPG')
或
将'
替换为`[倒勾]
[注意:您可以在键盘中的Esc key
下方找到backtick
]
INSERT INTO grocery
(`GrocerID`, `GrocerName`, `Address`, `LogoImage`)
VALUES ('GID0072', 'BigBazaar','India, Andhra Pradesh, 522124','WIN_20150817_121614.JPG')
并且,使用real_escape_string()来防止SQL Injection Attacks
PHP提供real_escape_string()来转义字符串,然后将查询发送到MySQL。此功能由许多人在同一场合用字符串转义单引号防止SQL注入攻击。然而,它可以产生严重的安全性错误使用时的缺陷。
$GrocerName = $conn->real_escape_string($_POST['GrocerName']);
$Address = $conn->real_escape_string($_POST['Address']);
$LogoImage = $conn->real_escape_string($_POST['LogoImage']);
$sql = "INSERT INTO grocery (`GrocerID`, `GrocerName`, `Address`, `LogoImage`)
VALUES ('$GrocerID', '$GrocerName','$Address','$LogoImage')";
请勿将quotes
用于column_name
。