dongshen3352
2014-04-20 08:54
浏览 64
已采纳

如何将表单脚本中的记录插入到mysql数据库中?

//How can the following code be amended so that the values inserted into my form can be inserted into my mysql database? I can connect to my database just fine, my database is called images and the table is called persons.

     //This is my insert.php file

        <?php
            $con=mysqli_connect("localhost","root","anble","images");
            // Check connection
            if (mysqli_connect_errno())
            {
              echo "Failed to connect to MySQL: " . mysqli_connect_error();
            }

            // escape variables for security
            $FirstName = mysqli_real_escape_string($_POST["FirstName"]);
            $LastName = mysqli_real_escape_string($_POST["LastName"]);
            $Age = mysqli_real_escape_string($_POST['Age']);

            $sql="INSERT INTO Persons (Name, LastName, Age);
            VALUES ($FirstName, $LastName, $Age)";

            if (!mysqli_query($con,$sql))
            {
              die('Error: ' . mysqli_error($con));
            }
            echo "1 record added";

            mysqli_close($con);
            ?> 

        // This is my form file

        <html>
        <body>

        <form action="insert.php" method="post">
        Firstname: <input name="FirstName" type="text" value="FirstName">
        Lastname: <input name="LastName" type="text" value="LastName">
        Age: <input name="Age" type="text" value="Age">
        <input type="submit">
        </form>

        </body>
        </html> 



   // This is the error
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp \htdocs\check_php\insert.php on line 10

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\check_php\insert.php on line 11

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\check_php\insert.php on line 12
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '; VALUES (, , )' at line 1
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dtxw20878 2014-04-20 09:02
    已采纳

    cahnge :

      // escape variables for security
            $FirstName = mysqli_real_escape_string($_POST["FirstName"]);
            $LastName = mysqli_real_escape_string($_POST["LastName"]);
            $Age = mysqli_real_escape_string($_POST['Age']);
    

    to:

      // escape variables for security
            $FirstName = mysqli_real_escape_string($con,$_POST["FirstName"]);
            $LastName = mysqli_real_escape_string($con,,$_POST["LastName"]);
            $Age = mysqli_real_escape_string($con,$_POST['Age']);
    

    mysqli_real_escape_string() need two parameters to pass
    1)connection

    2)escapestring

    you have passed only escapestring, you need provide link identifier in mysqli_real_escape_string().

    see doc

    you also need to add quotes in string variable inside query. Change:

    $sql="INSERT INTO Persons (Name, LastName, Age);
                VALUES ($FirstName, $LastName, $Age)";
    

    to:

    $sql="INSERT INTO Persons (Name, LastName, Age)
                VALUES ('$FirstName', '$LastName', '$Age')";
    
    点赞 评论
  • dps69208 2014-04-20 09:01

    Change this:

    1) mysqli_real_escape_string() expects 2 required parameters.

    2) $Firstname and $Lastname are string variables. They should be enclosed in single quotes ' when used in queries.

    $FirstName = mysqli_real_escape_string($con, $_POST["FirstName"]);
    $LastName = mysqli_real_escape_string($con, $_POST["LastName"]);
    $Age = mysqli_real_escape_string($con, $_POST['Age']);
    
    $sql="INSERT INTO Persons (Name, LastName, Age);
          VALUES ('$FirstName', '$LastName', $Age)";
    
    点赞 评论

相关推荐 更多相似问题