Insert into MySQL Table PHP

后端未结

关注

 5  894

悲&欢浪女 2021-01-13 22:37

I am having some trouble making a simple form to insert data into a MySQL table. I keep getting this SQL error:

\"Error: You have an error in your SQL

5条回答

爱一瞬间的悲伤 (楼主)

2021-01-13 23:07

Please learn to use parameter binding. You are creating code with security vulnerabilities.

Here's how to do your code in mysqli:

$sql = "INSERT INTO current stock (ItemNumber, Stock) VALUES (?, ?)";

if (!($stmt = mysqli_prepare($con, $sql))) {
    die('Error: ' . mysqli_error($con));
}

if (!mysqli_stmt_bind_param($stmt, "ii", $_POST[ItemNumber], $_POST[Stock])) {
    die('Error: ' . mysqli_stmt_error($stmt));
}

if (!mysqli_stmt_execute($stmt)) {
    die('Error: ' . mysqli_stmt_error($stmt));
}

It's easier to use bound parameters than to get all confused with quotes-within-quotes.

0 讨论(0)

查看其它5个回答