duanjing7459 2019-02-04 21:51
浏览 77
已采纳

PHP表单提交 - 语法错误

I have an HTML form that is fairly simple:

HTML:

<form method="POST" id="form-1" name="form-1">
   <p>     
      <input type="text" name="fm1q1">
      <input type="number" name="fm1q1-score">
   </p>
   <p>     
      <input type="text" name="fm1q2">
      <input type="number" name="fm1q2-score">
   </p>
   <p>     
      <input type="text" name="fm1q3">
      <input type="number" name="fm1q3-score">
   </p>
   <p>     
      <input type="text" name="fm1q4">
      <input type="number" name="fm1q4-score">
   </p>
   <p>     
      <input type="text" name="fm1q5">
      <input type="number" name="fm1q5-score">
   </p>
   <button type="submit" name="submit">SUBMIT</button>
</form>

I'm using a simple Ajax call:

$('#form-1').on('submit', function(e){
    e.preventDefault();
    $.ajax({
        type:   'POST',
        url:    'submitForm.php',
        data:   $(this).serialize(),
        success: function(data){
            console.log(data);
        },
        error: function(xhr, ajaxOptions, thownError){
            console.log(xhr.status);
            console.log(thrownError);
        }
    });
});

The PHP that inserts the form data into a MySQL DB Table is like this:

require "config.php"; // Contains all my connection information 
$answers = array($_POST['fm1q1'], $_POST['fm1q2'], $_POST['fm1q3'], $_POST['fm1q4'], $_POST['fm1q5']);
$scores = array($_POST['fm1q1-score'], $_POST['fm1q2-score'], $_POST['fm1q3-score'], $_POST['fm1q4-score'], $_POST['fm1q5-score']);

for ($i = 0; $i < 5; $i++) { 
   $sql = "INSERT INTO table_1 (answer, score) VALUES ('$answers[$i]', '$scores[$i]')";
   $result = mysqli_query($conn, $sql);
   if (!$conn->query($result) === TRUE) {
      echo "Error: " . $sql . "--" . $conn->error. "
";
   }
 }

$conn->close();

The problem I'm running into is that my Developer Tools say I have a Syntax error in the $sql= line, but I can't see what's wrong.

Error: INSERT INTO table_1 (answer, score) VALUES ('test', '123')--You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
  • 写回答

2条回答 默认 最新

  • drtiwd06558 2019-02-04 22:06
    关注

    You're trying to execute the query twice. Once here:

    mysqli_query($conn, $sql)

    and once here:

    $conn->query($result)

    And furthermore, in the second attempt you aren't executing the query but rather trying to execute the results of the query. I'm not sure why it's failing with that exact error message, but I'd certainly expect it to fail somehow.

    What has you confused is that you're outputting your first query after having checked if your second query has failed. So you're misleading yourself in your debugging.

    Just remove that second query attempt. You already have the results from the first one:

    $result = mysqli_query($conn, $sql);
if ($result !== TRUE) {
    echo "Error: " . $sql . "--" . mysqli_error($conn) . "
";
}

    You should definitely make the choice of whether to use the function notation or the object notation with mysqli, and stay consistent with your choice. Trying to mix the two might work in some cases but it's ultimately going to cause confusion like this.

    Also, and this is important... Your code is wide open to SQL injection. PHP provides considerable information on what that means here. And this is a great starting point for correcting it. Regardless of how you approach it, the bottom line is that you should never put user-modifiable data directly into a query as though it's part of the code. This allows user to put actual code in your query.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)
  • ¥15 Windows11, backspace, enter, space键失灵