I'm trying to execute this:
$result = mysql_query("INSERT INTO timesheet (project_no,user,cust_name,notes,duration) VALUES("'".$_POST['project']."', '".$_POST['user']."', '".$_POST['cust']."', '".$_POST['notes']."', '".$_POST['duration']."'")") or die(mysql_error());
I'm aware of SQL injection. But for now can anyone spot the issues with apostrophes, speech marks etc??
分享 The apostrophes were not correct.
$result = mysql_query("INSERT INTO timesheet (project_no,user,cust_name,notes,duration) VALUES('".$_POST['project']."', '".$_POST['user']."', '".$_POST['cust']."', '".$_POST['notes']."', '".$_POST['duration']."')") or die(mysql_error());
The mistake was in the beginning in "values" and on the closing bracket inside the query string. Use an editor with syntax highlighting, that would've already showed the problem.
分享
