我有一个很好的下拉列表,它正在从表团队(FK)填充。唯一不起作用的是将数据添加到匹配项中。我不断收到以下错误:
- team_home not set
- team_away not set
- Notice: Undefined index: team_home in vvo/insertmatch.php on line 28
- Notice: Undefined index: team_away in vvo/insertmatch.php on line 28
- Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'matches (team_home, team_away) VALUES ('','')' at line 1
谁能告诉我是什么导致了这些错误?
请参阅下面的代码,我知道它容易受到 sql 注入的攻击,但我只想让它工作。
**addmatch.php**
<?php
$con = mysql_connect("db.xx.nl","md190851db210288","xxx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("md190851db210288", $con);
?>
<form action="insertmatch.php" method="GET">
<select name="team_home">
<?php
$sql = "SELECT team_id, team_name FROM teams ".
"ORDER BY team_name";
$rs = mysql_query($sql);
while($row = mysql_fetch_array($rs))
{
echo "<option value='"".$row['team_id']."'">".$row['team_name']."</option>'n ";
}
?>
</select>
<select name="team_away">
<?php
$sql = "SELECT team_id, team_name FROM teams ".
"ORDER BY team_name";
$rs = mysql_query($sql);
while($row = mysql_fetch_array($rs))
{
echo "<option value='"".$row['team_id']."'">".$row['team_name']."</option>'n ";
}
?>
</select>
<input type="submit" />
**insertmatch.php**
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
$con = mysql_connect("db.xx.nl","md190851db210288","xxx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
if (isset($_POST['team_home'])) {
echo $_POST['team_home'];
} else {
echo 'team_home not set <br>';
}
if (isset($_POST['team_away'])) {
echo $_POST['team_away'];
} else {
echo 'team_away not set <br>';
}
mysql_select_db("md190851db210288", $con);
$sql="INSERT INTO matches (team_home, team_away)
VALUES
('$_POST[team_home]','$_POST[team_away]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
echo $team_home;
?>
试试这个
$sql=sprintf("INSERT INTO matches (team_home, team_away)VALUES('%s','%s')",mysql_real_escape_string($_POST['team_home']),mysql_real_escape_string($_POST['team_away']));
你的PHP无效:
$_POST[team_home]
里面的双引号是错误的。
用 {} 括起来,用单引号括起来team_home
{$_POST['team_home']}
其他领域也是如此。作为建议,请注意SQL注入,并在查询中使用$ _POST之前
只是想指出你在这里做什么
$sql="INSERT INTO matches (team_home, team_away)
VALUES
('$_POST[team_home]','$_POST[team_away]')";
是非常危险的。 不应直接使用任何全局变量。 您需要筛选并验证它们,否则您将向应用程序开放 SQL 注入攻击。