PHP 格式的意外错误消息(SQL 语法错误)


unexpected error message in php form (SQL syntax error)

我已经用数据库制作了一个简单的php cms表单,但是当我想提交带有一些虚拟数据的表单时,它无法正常工作!我不知道为什么会发生这种情况,我还添加了mysqli_error()来获取我面临的错误类型,但我只得到了这个:

您的 SQL 语法有错误;请查看与您的 MySQL 服务器版本对应的手册,了解在第 2 行的",",")附近使用的正确语法

<?php 
if (isset($_POST['submit'])){
    $post_title = $_POST['title'];
    $post_date = date('d-m-y');
    $post_author = $_POST['author'];
    $post_keywords = $_POST['keywords'];
    $post_content = $_POST['content'];
    $post_image = $_FILES['image']['name'];
    $image_tmp = $_FILES['image']['tmp_name'];
    if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
        echo '<script>alert("Some fields are missing")</script>';
    }else{
        move_uploaded_file($image_tmp,"post_images/$post_image");
        $insert_query = "INSERT INTO posts 
        (post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author',$post_image','$post_keywords','$post_content')";
        $insert_post = mysqli_query($con,$insert_query);
        if ($insert_post){
            echo '<h3 style="color:green">Post has been added successfully.</h3>';
        }else{
            echo mysqli_error($con);
        }
    }
}
?>
<form method="POST" action="" enctype="multipart/form-data">
    <table width="600" align="center" border="10">
        <tr>
            <td align="center"><h6>Insert Post Title</h6></td>
            <td align="center"><input type="text" name="title"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Author</h6></td>
            <td align="center"><input type="text" name="author"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Keywords</h6></td>
            <td align="center"><input type="text" name="keywords"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Image</h6></td>
            <td align="center"><input type="file" name="image"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Content</h6></td>
            <td align="center"><textarea name="content" cols="10" rows="10"></textarea></td></br>
        </tr>
        <tr>
            <td align="center"><input type="submit" name="submit" value="Submit"/></td>
        </tr>
    </table>
</form>

如果您分享此问题的解决方案,这将对我非常有帮助......谢谢!

您在 $post_image 之前缺少引号:

,$post_image'

应该是:

,'$post_image'

因此,完整的 SQL 语句变为:

$insert_query = "INSERT INTO posts 
    (post_title, post_date, post_author, post_image, post_keywords, post_content)
    VALUES ('$post_title', '$post_date', '$post_author', '$post_image', 
            '$post_keywords', '$post_content')";

请注意,您正在执行以下if作业:

if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){

您应该使用双==而不是=

最后,您的代码容易受到 SQL 注入的影响。因此,请使用带有参数的预准备语句。

这样写语句更好

// this not always works
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
        echo '<script>alert("Some fields are missing")</script>';
    }
// yeah much better 
 if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author)){
            echo '<script>alert("Some fields are missing")</script>';
        }

和SQL错误很可能是因为这里

'$post_keywords','$post_content')";

$post_keywords$post_content为空或为空

更改

  1. 使用 empty 检查空变量
  2. 使用||而不是or
  3. 检查验证您正在执行的操作。( move_uploaded_file
  4. 小心引号 ( $post_image' ) - 这是代码中的错误
  5. 增强mysqli_errorif (!$insert_post){

法典

<?php 
    if (isset($_POST['submit']))
    {
        $post_title = $_POST['title'];
        $post_date = date('d-m-y');
        $post_author = $_POST['author'];
        $post_keywords = $_POST['keywords'];
        $post_content = $_POST['content'];
        $post_image = $_FILES['image']['name'];
        $image_tmp = $_FILES['image']['tmp_name'];
        if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author))
        {
            echo '<script>alert("Some fields are missing")</script>';
        }
        else
        {
            if (!move_uploaded_file($image_tmp,"post_images/$post_image")) {
                echo "Move Failed";
            }
            else
            {
                $insert_query = "INSERT INTO posts (post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author','$post_image','$post_keywords','$post_content')";
                $insert_post = mysqli_query($con,$insert_query);
                if (!$insert_post){
                    echo mysqli_error($con);
                }
                else
                {
                    echo '<h3 style="color:green">Post has been added successfully.</h3>';
                }
            }
        }
    }
?>