duanjing7459 2019-02-04 21:51
浏览 77
已采纳

PHP表单提交 - 语法错误

I have an HTML form that is fairly simple:

HTML:

<form method="POST" id="form-1" name="form-1">
   <p>     
      <input type="text" name="fm1q1">
      <input type="number" name="fm1q1-score">
   </p>
   <p>     
      <input type="text" name="fm1q2">
      <input type="number" name="fm1q2-score">
   </p>
   <p>     
      <input type="text" name="fm1q3">
      <input type="number" name="fm1q3-score">
   </p>
   <p>     
      <input type="text" name="fm1q4">
      <input type="number" name="fm1q4-score">
   </p>
   <p>     
      <input type="text" name="fm1q5">
      <input type="number" name="fm1q5-score">
   </p>
   <button type="submit" name="submit">SUBMIT</button>
</form>

I'm using a simple Ajax call:

$('#form-1').on('submit', function(e){
    e.preventDefault();
    $.ajax({
        type:   'POST',
        url:    'submitForm.php',
        data:   $(this).serialize(),
        success: function(data){
            console.log(data);
        },
        error: function(xhr, ajaxOptions, thownError){
            console.log(xhr.status);
            console.log(thrownError);
        }
    });
});

The PHP that inserts the form data into a MySQL DB Table is like this:

require "config.php"; // Contains all my connection information 
$answers = array($_POST['fm1q1'], $_POST['fm1q2'], $_POST['fm1q3'], $_POST['fm1q4'], $_POST['fm1q5']);
$scores = array($_POST['fm1q1-score'], $_POST['fm1q2-score'], $_POST['fm1q3-score'], $_POST['fm1q4-score'], $_POST['fm1q5-score']);

for ($i = 0; $i < 5; $i++) { 
   $sql = "INSERT INTO table_1 (answer, score) VALUES ('$answers[$i]', '$scores[$i]')";
   $result = mysqli_query($conn, $sql);
   if (!$conn->query($result) === TRUE) {
      echo "Error: " . $sql . "--" . $conn->error. "
";
   }
 }

$conn->close();

The problem I'm running into is that my Developer Tools say I have a Syntax error in the $sql= line, but I can't see what's wrong.

Error: INSERT INTO table_1 (answer, score) VALUES ('test', '123')--You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
  • 写回答

2条回答 默认 最新

  • drtiwd06558 2019-02-04 22:06
    关注

    You're trying to execute the query twice. Once here:

    mysqli_query($conn, $sql)
    

    and once here:

    $conn->query($result)
    

    And furthermore, in the second attempt you aren't executing the query but rather trying to execute the results of the query. I'm not sure why it's failing with that exact error message, but I'd certainly expect it to fail somehow.

    What has you confused is that you're outputting your first query after having checked if your second query has failed. So you're misleading yourself in your debugging.

    Just remove that second query attempt. You already have the results from the first one:

    $result = mysqli_query($conn, $sql);
    if ($result !== TRUE) {
        echo "Error: " . $sql . "--" . mysqli_error($conn) . "
    ";
    }
    

    You should definitely make the choice of whether to use the function notation or the object notation with mysqli, and stay consistent with your choice. Trying to mix the two might work in some cases but it's ultimately going to cause confusion like this.


    Also, and this is important... Your code is wide open to SQL injection. PHP provides considerable information on what that means here. And this is a great starting point for correcting it. Regardless of how you approach it, the bottom line is that you should never put user-modifiable data directly into a query as though it's part of the code. This allows user to put actual code in your query.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 高德地图点聚合中Marker的位置无法实时更新
  • ¥15 DIFY API Endpoint 问题。
  • ¥20 sub地址DHCP问题
  • ¥15 delta降尺度计算的一些细节,有偿
  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式
  • ¥30 数值计算均差系数编程
  • ¥15 redis-full-check比较 两个集群的数据出错
  • ¥15 Matlab编程问题
  • ¥15 训练的多模态特征融合模型准确度很低怎么办