当前位置: 动力学知识库 > 问答 > 编程问答 >

php - Inserting data into MySQL table with only one column

问题描述:

Here's my HTML code:

<html>

<body>

<form action="insert.php" method="post">

Script Name: <input type="text" name="scriptname">

<input type="submit">

</form>

</body>

</html>

Here's my PHP code:

<?php

$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");

// Check connection

if (mysqli_connect_errno())

{

echo "Failed to connect to MySQL: " . mysqli_connect_error();

}

$sql="INSERT INTO appslist (listall)

VALUES

('$_POST[scriptname]";

if (!mysqli_query($con,$sql))

{

die('Error: ' . mysqli_error($con));

}

echo "1 record added";

mysqli_close($con);

?>

What I'm trying to do is insert in the table appslist into the column listall (the only column in that database).

But I keep getting this error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''43things clone script' at line 3

网友答案:

You must close your brackets here:

"INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]')";
网友答案:

Here, do use the following which is a safer method.

To point out where you made your mistake, it was a missing quote ' and a bracket ) in ('$_POST[scriptname] which should have read as ('$_POST[scriptname]') (EDIT: As Dan Bracuk pointed out in his comment, thank you Dan.) however, using this method is prone to SQL injection.

Also wrapping your table name with backticks is suggested.

EDIT:

Use the the following (inside commented code below) if you haven't declared your variable.

$scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);

Instead of: (Both are in the code below. Simply use the one you need)

$scriptname=mysqli_real_escape_string($con,$scriptname);

PHP

<?php
$con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

// use the commented one below if you haven't declared your variable.
// $scriptname=mysqli_real_escape_string($con, $_POST['scriptname']);
$scriptname=mysqli_real_escape_string($con,$scriptname);

$sql="INSERT INTO `appslist` (listall) 
VALUES ('$scriptname')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";

mysqli_close($con);
?>
网友答案:

use this:

$var = mysql_real_escape_string($_POST['scriptname']);
$sql="INSERT INTO appslist (listall) VALUES ('$var')";

instead of this:

$sql="INSERT INTO appslist (listall)
VALUES
('$_POST[scriptname]";

You missed ') at the end of statement and ' ' in $_POST variable

网友答案:

try this

<?php
    $con=mysqli_connect("localhost","escalate_test","database88","escalate_test");
    // Check connection
    if (mysqli_connect_errno())
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      }
    $scriptname = stripslashes($_POST['scriptname']);
    $sql="INSERT INTO appslist (listall) VALUES('$scriptname')";

    if (!mysqli_query($con,$sql))
      {
      die('Error: ' . mysqli_error($con));
      }
    echo "1 record added";

    mysqli_close($con);
    ?>
分享给朋友:
您可能感兴趣的文章:
随机阅读: