将 DropDown 值保存到 Php MySQL
Saving DropDown Value to PhpMySQL
我想知道如何将下拉列表 select 值保存到数据库,我收到一条错误消息,显示 "Invalid Input: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near." 在我实施性别下拉列表时。
这是代码
if(empty($_POST['Gender'])){
$Gender = '';
$flag=1;
} else
$Gender = ($_POST['Gender']);
和Select:
<select id="Gender" name="Gender" class="input-xlarge">
<option>Select Gender</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
输入:
$sql = " INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$Gender', $UserName', '$EPassword', '$EreEnterPassword', '$EmailAdd', '$reEnterEmailAdd'); ";
在 $UserName 附近使用遗漏的单引号,
试试这个
$sql = " INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$Gender', '$UserName', '$EPassword', '$EreEnterPassword', '$EmailAdd', '$reEnterEmailAdd'); ";
问题在于您的 php mysql select 语句的形成方式:
$sql = " INSERT INTO User(FirstName)
VALUES ('$FirstName', '$LastName'); ";
或者从双引号内的所有变量名中删除单引号。
或者在开头使用单引号并像这样包围变量:
' . $FirstName . '
这样做就可以了:
$sql = ' INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('.$FirstName.', '.$LastName.', '.$Gender.', '.$UserName.', '.$EPassword.', '.$EreEnterPassword.', '.$EmailAdd.', '.$reEnterEmailAdd.')';
另请查看此答案:Single quotes or double quotes for variable concatenation?
P.S。您的应用程序完全容易受到 sql 注入的攻击。您应该研究如何清理用户输入。
$sql = " INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$Gender', '$UserName', '$EPassword', '$EreEnterPassword', '$EmailAdd', '$reEnterEmailAdd')";
1) $UserName 前缺少单引号,
2) 圆括号完成后删除半列,
3) 尽量使用“.”串联运算符,因此您可以获得完美的变量名,
喜欢 ('.$FirstName.', '.$LastName.', '.$Gender.' 等等)
我想知道如何将下拉列表 select 值保存到数据库,我收到一条错误消息,显示 "Invalid Input: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near." 在我实施性别下拉列表时。
这是代码
if(empty($_POST['Gender'])){
$Gender = '';
$flag=1;
} else
$Gender = ($_POST['Gender']);
和Select:
<select id="Gender" name="Gender" class="input-xlarge">
<option>Select Gender</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
输入:
$sql = " INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$Gender', $UserName', '$EPassword', '$EreEnterPassword', '$EmailAdd', '$reEnterEmailAdd'); ";
在 $UserName 附近使用遗漏的单引号,
试试这个
$sql = " INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$Gender', '$UserName', '$EPassword', '$EreEnterPassword', '$EmailAdd', '$reEnterEmailAdd'); ";
问题在于您的 php mysql select 语句的形成方式:
$sql = " INSERT INTO User(FirstName)
VALUES ('$FirstName', '$LastName'); ";
或者从双引号内的所有变量名中删除单引号。
或者在开头使用单引号并像这样包围变量:
' . $FirstName . '
这样做就可以了:
$sql = ' INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('.$FirstName.', '.$LastName.', '.$Gender.', '.$UserName.', '.$EPassword.', '.$EreEnterPassword.', '.$EmailAdd.', '.$reEnterEmailAdd.')';
另请查看此答案:Single quotes or double quotes for variable concatenation?
P.S。您的应用程序完全容易受到 sql 注入的攻击。您应该研究如何清理用户输入。
$sql = " INSERT INTO User(FirstName, LastName, Gender, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$Gender', '$UserName', '$EPassword', '$EreEnterPassword', '$EmailAdd', '$reEnterEmailAdd')";
1) $UserName 前缺少单引号,
2) 圆括号完成后删除半列,
3) 尽量使用“.”串联运算符,因此您可以获得完美的变量名, 喜欢 ('.$FirstName.', '.$LastName.', '.$Gender.' 等等)