Please tell me what's wrong with my code!!!!
new-payment.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Process New Payment</title>
</head>
<body>
<h1>Please Input Payment Details</h1>
<fieldset>
<legend>New Payment</legend>
<form action="process-payment.php" method="post">
<table>
<tr>
<td>Date:</td><td><input type="date" name="date" /><br /></td>
</tr>
<tr>
<td>Today's Charge:</td><td><input type="text" name="charge" /><br /></td>
</tr>
<tr>
<td>Today's Payment:</td><td><input type="text" name="payment" /><br /></td>
</tr>
<tr>
<td>Client Number:</td><td><input type="text" name="client_no" /><br /></td>
</tr>
<tr>
<td>Client Name:</td><td><input type="text" name="client_name" /><br /></td>
</tr>
<tr>
<td>Check Number:</td><td><input type="text" name="check_no" /><br /></td>
</tr>
<tr>
<td>Check Amount:</td><td><input type="text" name="check" /><br /></td>
</tr>
<tr>
<td>Cash Amount:</td><td><input type="text" name="cash" /><br /></td>
</tr>
<tr>
<td>Notes:</td><td><input type="text" name="notes" /><br /></td>
</tr>
<tr>
<td>Staff Initials:</td><td><input type="text" name="staff_initials" /><br /></td>
</tr>
</table>
<input type="submit" value="Process Payment" />
</form>
</fieldset>
<br />
</body>
</html>
process-payment.php
<?php
define('DB_NAME', 'DBNAME');
define('DB_USER', 'USERNAME');
define('DB_PASS', '');
define('DB_HOST', 'localhost');
// Connect to the server and stop with a message if that fails.
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if (!$link) {
die('There was a problem when trying to connect to the host. Please contact Tech Support. Error: ' . mysql_error());
}
// Select the database; check the result of the select, not the connection.
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('There was a problem when trying to connect to the database. Please contact Tech Support. Error: ' . mysql_error());
}
$date = $_POST['date'];
$charge = $_POST['charge'];
$payment = $_POST['payment'];
$client_no = $_POST['client_no'];
$client_name = $_POST['client_name'];
$check_no = $_POST['check_no'];
$check = $_POST['check'];
$cash = $_POST['cash'];
$notes = $_POST['notes'];
$staff_initials = $_POST['staff_initials'];
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}
?>
I do not know what is wrong but I get an error when I press Process Payment:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check, cash, notes, staff_initials) VALUES ('2012-09-24', '$0.00', '$20.00', '46' at line 1
3 answers
#1
1
CHECK is a MySQL reserved keyword. You must enclose it in backticks to use it as a column or table identifier.
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, `check`, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";
Note that your script is vulnerable to SQL injection. At a minimum, you must call mysql_real_escape_string() over each of those input variables.
// As in:
$charge = mysql_real_escape_string($_POST['charge']);
#2
1
change
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('$date', '$charge', '$payment', '$client_no', '$client_name', '$check_no', '$check', '$cash', '$notes', '$staff_initials')";
to
$sql = "INSERT INTO payments (date, charge, payment, client_no, client_name, check_no, check, cash, notes, staff_initials) VALUES ('".$date."', '".$charge."', '".$payment."', '".$client_no."', '".$client_name."', '".$check_no."', '".$check."', '".$cash."', '".$notes."', '".$staff_initials."')";
And it may pay to look up MySQL PDO instead of using the deprecated connection code you are using.
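The points raised in answers #1 and #2 (backtick-quoting `check`, the SQL injection risk, moving to PDO) combined in one prepared-statement insert, as an added example that is not part of the original thread. It assumes the pdo_sqlite driver so it runs without a MySQL server; the money() and insertPayment() helpers and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumption: pdo_sqlite is enabled so this runs offline;
// against MySQL only the DSN changes, e.g. "mysql:host=localhost;dbname=...".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Columns from the question; `check` is backtick-quoted as answer #1 advises.
$pdo->exec('CREATE TABLE payments (date TEXT, charge TEXT, payment TEXT,
    client_no INTEGER, client_name TEXT, check_no TEXT, `check` TEXT,
    cash TEXT, notes TEXT, staff_initials TEXT)');

// Turn "$20.00" into "20.00"; an empty field becomes "0.00"; reject the rest.
function money(string $raw): string {
    $v = ltrim(trim($raw), '$');
    if ($v === '') {
        return '0.00';
    }
    if (!preg_match('/^\d{1,9}(\.\d{1,2})?$/', $v)) {
        throw new InvalidArgumentException("Bad amount: $raw");
    }
    return number_format((float) $v, 2, '.', '');
}

function insertPayment(PDO $pdo, array $in): void {
    $d = DateTime::createFromFormat('!Y-m-d', $in['date']);
    if (!$d || $d->format('Y-m-d') !== $in['date'] || !ctype_digit($in['client_no'])) {
        throw new InvalidArgumentException('Bad date or client number');
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO payments (date, charge, payment,
        client_no, client_name, check_no, `check`, cash, notes, staff_initials)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute([
        $in['date'], money($in['charge']), money($in['payment']),
        (int) $in['client_no'], $in['client_name'], $in['check_no'],
        money($in['check']), money($in['cash']), $in['notes'],
        $in['staff_initials'],
    ]);
}

// Constructed sample standing in for $_POST (amounts as in the error message).
$post = ['date' => '2012-09-24', 'charge' => '$0.00', 'payment' => '$20.00',
    'client_no' => '46', 'client_name' => "O'Brien", 'check_no' => '',
    'check' => '', 'cash' => '$20.00', 'notes' => "won't need receipt",
    'staff_initials' => 'AB'];
insertPayment($pdo, $post);
print_r($pdo->query('SELECT * FROM payments')->fetch(PDO::FETCH_ASSOC));
```

The apostrophes in the sample name and note are stored as data; in the concatenated query from the question the same values would end the string literal early.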
#3
0
Try to echo all elements and see whether some variable may be blank or empty.
I have the same error. I solved it this way.