Can anyone tell me what is wrong with this line?
VALUES('$_POST[POS]','$_POST[GP]','$_POST[Goals]','$_POST[Assists]','$_POST[Points]','$_POST[Polarity]','$_POST[PPG]','$_POST[SHG]','$_POST[PIM]','$_POST[Hits]','$_POST[Shots]','$_POST[Shots %]')";
In context:
<?php
$con = mysql_connect("localhost","ernie","gomes");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("ernie", $con);
$sql="INSERT INTO statplayer (POS, GP, Goals, Assists, Points, Polarity, PPG, SHG, PIM, Hits, Shots, Shot %)
VALUES('$_POST[POS]','$_POST[GP]','$_POST[Goals]','$_POST[Assists]','$_POST[Points]','$_POST[Polarity]','$_POST[PPG]','$_POST[SHG]','$_POST[PIM]','$_POST[Hits]','$_POST[Shots]','$_POST[Shots %]')";
if (!mysql_query($sql,$con))
{
    die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
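As the comments on the question suggest, this appears to be due to the space in Shots %. That needs quoting, in both SQL and PHP. Your error is a PHP error, but I think you will get an SQL error once you fix it.
See below for how to put quotes around that name.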
$sql="INSERT INTO statplayer (POS, GP, Goals, Assists, Points, Polarity, PPG, SHG, PIM, Hits, Shots, `Shot %`)
VALUES('$_POST[POS]','$_POST[GP]','$_POST[Goals]','$_POST[Assists]','$_POST[Points]','$_POST[Polarity]','$_POST[PPG]','$_POST[SHG]','$_POST[PIM]','$_POST[Hits]','$_POST[Shots]','".$_POST['Shots %']."')";
or
$sql="INSERT INTO statplayer (POS, GP, Goals, Assists, Points, Polarity, PPG, SHG, PIM, Hits, Shots, `Shot %`)
VALUES('$_POST[POS]','$_POST[GP]','$_POST[Goals]','$_POST[Assists]','$_POST[Points]','$_POST[Polarity]','$_POST[PPG]','$_POST[SHG]','$_POST[PIM]','$_POST[Hits]','$_POST[Shots]','{$_POST['Shots %']}')";
But please read up on SQL injection and how to prevent it. Your code is completely vulnerable.
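It looks like your code has a lot of problems, but we all have to start somewhere. At the top of your script, put the following to turn on error reporting: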
error_reporting(-1);
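To produce better code, you should do this for every file. To answer your question, the reason it fails is that you need to put curly braces around the array variable, like this: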
$string = "Some text with a {$array['var']} variable";
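Also, note the quotes around 'var'. You can't do $array[var] (without quotes around 'var'), or you will get a notice that var is not defined. In addition, using spaces or characters such as "%" in variable names is not recommended. So I changed it to 'ShotPercent' in my example below.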
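As many people have mentioned, your script is vulnerable to SQL injection, so I strongly recommend that you drop the mysql_* functions entirely. They are outdated. Use PDO instead. Code like this should work: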
<?php
$host = 'localhost';
$dbname = 'ernie';
$user = 'ernie';
$pass = 'gomes';
try {
    $dbh = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
    // Throw exceptions on errors and fetch rows as associative arrays
    $dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    $dbh->setAttribute( PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC );
} catch(PDOException $e) {
    die("DB connection error: ".$e->getMessage());
}
// The ? placeholders keep the submitted values out of the SQL text
$sql="INSERT INTO statplayer (POS, GP, Goals, Assists, Points, Polarity, PPG, SHG, PIM, Hits, Shots, ShotPercent)
VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )";
$sth = $dbh->prepare($sql);
try {
    // Values are bound in the same order as the column list above
    $sth->execute(array($_POST['POS'], $_POST['GP'], $_POST['Goals'], $_POST['Assists'], $_POST['Points'], $_POST['Polarity'], $_POST['PPG'] , $_POST['SHG'], $_POST['PIM'], $_POST['Hits'], $_POST['Shots'],$_POST['ShotPercent']));
} catch(PDOException $e) {
    die($e->getMessage());
}
echo $sth->rowCount() .' record(s) added';
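An added example, not code from the question or from either answer: it combines the bound parameters of the PDO answer with an allowlist for column names (an identifier such as `Shot %` cannot be bound as a parameter) and type validation of each field. The in-memory SQLite database, the reduced table, `STAT_FIELDS` and `insertStat()` are assumptions made for this illustration.

```php
<?php
// Added illustration. Assumes the pdo_sqlite extension; an in-memory SQLite
// database stands in for MySQL so the script runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed, reduced statplayer table. SQLite accepts MySQL-style backticks.
$dbh->exec('CREATE TABLE statplayer (POS TEXT, GP INTEGER, Goals INTEGER, `Shot %` REAL)');

// Allowlist (hypothetical name): form field => [column, validation filter].
// Column names come only from here, never from the request.
const STAT_FIELDS = [
    'POS'         => ['POS',    FILTER_DEFAULT],
    'GP'          => ['GP',     FILTER_VALIDATE_INT],
    'Goals'       => ['Goals',  FILTER_VALIDATE_INT],
    'ShotPercent' => ['Shot %', FILTER_VALIDATE_FLOAT],
];

function insertStat(PDO $dbh, array $input): int
{
    $columns = $values = [];
    foreach (STAT_FIELDS as $field => [$column, $filter]) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            throw new InvalidArgumentException("Missing field: $field");
        }
        $value = filter_var($input[$field], $filter);
        if ($value === false) {
            throw new InvalidArgumentException("Invalid value for: $field");
        }
        $columns[] = '`' . $column . '`';   // quoted identifier from the allowlist
        $values[]  = $value;                // data, sent separately from the SQL
    }
    $marks = implode(', ', array_fill(0, count($values), '?'));
    $sql   = 'INSERT INTO statplayer (' . implode(', ', $columns) . ") VALUES ($marks)";
    $sth   = $dbh->prepare($sql);
    $sth->execute($values);
    return $sth->rowCount();
}

// Constructed input: POS contains quote characters and SQL-looking text.
$post = ['POS' => "LW'); --", 'GP' => '82', 'Goals' => '31', 'ShotPercent' => '12.5'];
echo insertStat($dbh, $post), " record(s) added\n";
$stored = $dbh->query('SELECT POS FROM statplayer')->fetchColumn();
var_dump($stored === $post['POS']);   // compares stored text with submitted text

// A non-numeric Goals value is rejected before any SQL is prepared.
try {
    insertStat($dbh, ['POS' => 'C', 'GP' => '10', 'Goals' => "31'", 'ShotPercent' => '9']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```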