duanjing7459 2019-02-04 21:51
浏览 77
已采纳

PHP表单提交 - 语法错误

I have an HTML form that is fairly simple:

HTML:

<form method="POST" id="form-1" name="form-1">
   <p>     
      <input type="text" name="fm1q1">
      <input type="number" name="fm1q1-score">
   </p>
   <p>     
      <input type="text" name="fm1q2">
      <input type="number" name="fm1q2-score">
   </p>
   <p>     
      <input type="text" name="fm1q3">
      <input type="number" name="fm1q3-score">
   </p>
   <p>     
      <input type="text" name="fm1q4">
      <input type="number" name="fm1q4-score">
   </p>
   <p>     
      <input type="text" name="fm1q5">
      <input type="number" name="fm1q5-score">
   </p>
   <button type="submit" name="submit">SUBMIT</button>
</form>

I'm using a simple Ajax call:

$('#form-1').on('submit', function(e){
    e.preventDefault();
    $.ajax({
        type:   'POST',
        url:    'submitForm.php',
        data:   $(this).serialize(),
        success: function(data){
            console.log(data);
        },
        error: function(xhr, ajaxOptions, thownError){
            console.log(xhr.status);
            console.log(thrownError);
        }
    });
});

The PHP that inserts the form data into a MySQL DB Table is like this:

require "config.php"; // Contains all my connection information 
$answers = array($_POST['fm1q1'], $_POST['fm1q2'], $_POST['fm1q3'], $_POST['fm1q4'], $_POST['fm1q5']);
$scores = array($_POST['fm1q1-score'], $_POST['fm1q2-score'], $_POST['fm1q3-score'], $_POST['fm1q4-score'], $_POST['fm1q5-score']);

for ($i = 0; $i < 5; $i++) { 
   $sql = "INSERT INTO table_1 (answer, score) VALUES ('$answers[$i]', '$scores[$i]')";
   $result = mysqli_query($conn, $sql);
   if (!$conn->query($result) === TRUE) {
      echo "Error: " . $sql . "--" . $conn->error. "
";
   }
 }

$conn->close();

The problem I'm running into is that my Developer Tools say I have a Syntax error in the $sql= line, but I can't see what's wrong.

Error: INSERT INTO table_1 (answer, score) VALUES ('test', '123')--You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
  • 写回答

2条回答 默认 最新

  • drtiwd06558 2019-02-04 22:06
    关注

    You're trying to execute the query twice. Once here:

    mysqli_query($conn, $sql)

    and once here:

    $conn->query($result)

    And furthermore, in the second attempt you aren't executing the query but rather trying to execute the results of the query. I'm not sure why it's failing with that exact error message, but I'd certainly expect it to fail somehow.

    What has you confused is that you're outputting your first query after having checked if your second query has failed. So you're misleading yourself in your debugging.

    Just remove that second query attempt. You already have the results from the first one:

    $result = mysqli_query($conn, $sql);
if ($result !== TRUE) {
    echo "Error: " . $sql . "--" . mysqli_error($conn) . "
";
}

    You should definitely make the choice of whether to use the function notation or the object notation with mysqli, and stay consistent with your choice. Trying to mix the two might work in some cases but it's ultimately going to cause confusion like this.

    Also, and this is important... Your code is wide open to SQL injection. PHP provides considerable information on what that means here. And this is a great starting point for correcting it. Regardless of how you approach it, the bottom line is that you should never put user-modifiable data directly into a query as though it's part of the code. This allows user to put actual code in your query.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 c程序不知道为什么得不到结果
  • ¥40 复杂的限制性的商函数处理
  • ¥15 程序不包含适用于入口点的静态Main方法
  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置