消息
创作中心
dswm97353 2013-11-15 23:12
浏览 30
已采纳

PHP和MySQL中的INSERT查询语法错误

I am not able to insert id and name in myTable MySQL table by using following PHP syntax. id is integer field and name is varchar field.

$query="INSERT INTO myTable (id, name) VALUES (".$_SESSION["id"].", ".$_SESSION["name"].");";

Is there something wrong with above syntax? As per me its right because if insert hardcoded values, those are inserted fine.

  • 写回答

5条回答 默认 最新

  • dongzhang1864 2013-11-15 23:15
    关注

    Yes, you need to use single quotes for name

    $query="INSERT INTO myTable (id, name) VALUES (" . $_SESSION["id"] . ", '" . $_SESSION["name"]."');";

    Also, please try not to contstruct the queries by hand using string concatenation/substitution. It can be dangerous if your $_SESSION (somehow) contains content that can manipulate queries completely.

    Read about SQL Injection, and what PHP offers.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(4条)
编辑
预览

报告相同问题?

手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

 客服 返回
顶部