I'm trying to make a simple insert statement of user... but it errors out... I tried with only values and it works, it must be something with the way I deal with arrays inside the insert statement?
我想对用户做一个简单的插入语句……但它的错误……我只尝试了值,它是有效的,它一定是我在insert语句中处理数组的方式?
ANy ideas?
什么好主意吗?
if ($new_user_data) {
$mysqli->query("INSERT INTO users (user_name, user_year, user_sex, user_pic, user_level, user_password, user_email)
VALUES ( ". $new_user_data['user_name'] .",". $new_user_data['user_year'] .",". $new_user_data['user_sex'] .",". $new_user_data['user_pic'] .",1,". $new_user_data['user_password'] .",". $new_user_data['user_email'] ." )");
print_r($mysqli->error);
}
error:
错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.coms )' at line 2
1 个解决方案
#1
3
You need to wrap your strings in quotes:
你需要把你的字符串用引号括起来:
$mysqli->query("INSERT INTO users (user_name, user_year, user_sex, user_pic, user_level, user_password, user_email)
VALUES ( '". $new_user_data['user_name'] ."','". $new_user_data['user_year'] ."','". $new_user_data['user_sex'] ."','". $new_user_data['user_pic'] ."',1,'". $new_user_data['user_password'] ."','". $new_user_data['user_email'] ." )'");
I know i can't see all of your code, but it looks like you're wide open to SQL Injections.
我知道我看不到你所有的代码,但是看起来你对SQL注入是完全开放的。
#1
3
You need to wrap your strings in quotes:
你需要把你的字符串用引号括起来:
$mysqli->query("INSERT INTO users (user_name, user_year, user_sex, user_pic, user_level, user_password, user_email)
VALUES ( '". $new_user_data['user_name'] ."','". $new_user_data['user_year'] ."','". $new_user_data['user_sex'] ."','". $new_user_data['user_pic'] ."',1,'". $new_user_data['user_password'] ."','". $new_user_data['user_email'] ." )'");
I know i can't see all of your code, but it looks like you're wide open to SQL Injections.
我知道我看不到你所有的代码,但是看起来你对SQL注入是完全开放的。