当我测试这个表单数据条目时,我没有遇到任何问题。当我尝试添加更复杂的文本时,在$post_content = $_POST['post_content'];
使用数字和非字母字符拾取的文本区域中,我遇到了这个错误。
查询失败:您的SQL语法有错误;查看与MariaDB服务器版本对应的手册,了解在附近使用的正确语法
我的代码如下:
<?php
if (isset($_POST['create_post'])){
$post_title = $_POST['title'];
$post_author = $_POST['author'];
$post_category_id = $_POST['post_category_id'];
$post_status = $_POST['post_status'];
$post_image = $_FILES['image']['name'];
$post_image_temp = $_FILES['image']['tmp_name'];
$post_tag = $_POST['post_tag'];
$post_content = $_POST['post_content'];
$post_date = date('d-m-y');
$post_comment_count = 4;
move_uploaded_file($post_image_temp, "../images/$post_image");
$query = "INSERT INTO posts (post_category_id, post_title, post_author, post_date, post_image, post_content, post_tag, post_comment_count, post_status) ";
$query .= "VALUES ({$post_category_id},'{$post_title}','{$post_author}',now(),'{$post_image}','{$post_content}','{$post_tag}','{$post_comment_count}','{$post_status}' ) ";
$create_post_query = mysqli_query($connection, $query);
checkQuery($create_post_query);
}
?>
<form action="" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="post_status">Post Title</label>
<input type="text" class="form-control" name="title">
</div>
<div class="form-group">
<label for="post_category">Post Category Id</label>
<input type="text" class="form-control" name="post_category_id" placeholder="Please enter a number">
</div>
<div class="form-group">
<label for="post_author">Post Author</label>
<input type="text" class="form-control" name="author">
</div>
<div class="form-group">
<label for="post_status">Post Status</label>
<input type="text" class="form-control" name="post_status">
</div>
<div class="form-group">
<label for="post_image">Post Image</label>
<input type="file" name="image">
</div>
<div class="form-group">
<label for="post_tag">Post Tags</label>
<input type="text" class="form-control" name="post_tag">
</div>
<div class="form-group">
<label for="post_tags">Post Content</label>
<textarea class="form-control" name="post_content" id="" cols="30" rows="10"></textarea>
</div>
<div class="form-group">
<input class="btn btn-primary" type="submit" name="create_post" value="Publish Post">
</div>
</form>
我尝试将mysqli_real_escape_string
与我的$post_content = $_POST['post_content'];
结合使用,但没有成功,这让我认为我的查询语法不正确。任何帮助都将不胜感激。
try,
这个查询您的查询是不正确的
$query = "INSERT INTO posts (post_category_id, post_title, post_author, post_date, post_image, post_content, post_tag, post_comment_count, post_status) ";
$query .= "VALUES ({$post_category_id},'{$post_title}','{$post_author}','".date('Y-m-d')."','{$post_image}','{$post_content}','{$post_tag}','{$post_comment_count}','{$post_status}' ) ";