我真的很难处理这段php代码,因为我想使用从另一个表获得的数据将消息插入到表中。这是我的代码:
$get_user_sql = "SELECT username FROM members WHERE id = '$member'";
$get_user_res = mysqli_query($con, $get_user_sql);
while($username = mysqli_fetch_assoc($get_user_res)){
$user = $username["username"];
};
$get_message_sql = "SELECT message FROM posts WHERE id = '1377077348-5922'";
$get_message_res = mysqli_query($con, $get_message_sql);
while($postsmessage = mysqli_fetch_assoc($get_message_res)){
$postmessage = $postsmessage["message"];
};
$type = "liked";
$title = "New Like";
$message = "<a href='"profile.php?member=$user'">$user</a> just liked your post:<br /><i>$postmessage</i>";
$insert_note_sql = "INSERT INTO notes (id, sender, recipient, type, title, message, date) VALUES('$id', '$member', '$recipient', '$type', '$title', '$message', '$time')";
$insert_note_res = mysqli_query($con, $insert_note_sql);
我发现,如果我从$message行中删除$postmessage,一切都会很好,但当我再次添加它时,行就不会插入。有人能看出原因吗?
您没有转义您的值,很可能您的某些内容包含引号或其他未转义的字符。
尝试使用mysqli_real_escape_string:
$postmessage = mysqli_real_escape_string($postsmessage);
在将每个值插入数据库之前,您应该转义,请阅读有关SQL注入的更多信息。您的代码具有潜在的威胁。