php- inserting into sql error

问题

<?php
$database="jayesh"; //database name
$first=$_POST['first'];//this values comes from html file after submitting
$last=$_POST['last'];
$con = mysqli_connect("localhost","root" ,"");//for wamp 3rd feild is balnk
if (!$con)
{
die('Could not connect: ' . mysqli_connect_error());
}
mysqli_select_db("$database", $con);

$query = "INSERT INTO info (first,last)VALUES ('$first','$last')";
mysqli_query($query);

echo "<script type='text/javascript'>\n";
echo "alert('you are Succesflly registered');\n";
echo "</script>";


mysqli_close();
?> 

This is my code. I m getting following errors. Plz help. thnx

Warning: mysqli_select_db() expects parameter 1 to be mysqli, string given in C:\wamp\www\New folder\insert.php on line 10

Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\wamp\www\New folder\insert.php on line 13

Warning: mysqli_close() expects exactly 1 parameter, 0 given in C:\wamp\www\New folder\insert.php on line 20

回答1:

it requires 4 parameters 1st is host, 2nd user, 3rd password and 4th db name mysqli_connect("localhost","root" ,"",$database);

回答2:

Changes -

$con = mysqli_connect("localhost","root" ,"", $database);

And -

mysqli_query($con, $query);

回答3:

The problem is that mysqli_connect takes all 4 parameters for connection, in the format of;

mysqli_connect("myhost", "myuser", "mypassw", "mybd");

I have correced this in the code below.

<?php
// Set Database name;
$database = "jayesh";           

$con      = mysqli_connect("localhost", "root", "", $database);
if (!$con) {
    die('Could not connect: ' . mysqli_connect_error());
}

$first    = isset($_POST['first']) && strlen($_POST['first']) ? mysqli_real_escape_string($con, $_POST['first']) : '' ;
$last     = isset($_POST['last'])  && strlen($_POST['last'])  ? mysqli_real_escape_string($con, $_POST['last'])  : '' ;

$query = "INSERT INTO `info` (`first`, `last`) VALUES ('$first', '$last')";
mysqli_query($con, $query);

echo "<script type='text/javascript'>\n";
echo "alert('you are Succesflly registered');\n";
echo "</script>";

mysqli_close($con);

Some notes, which I have also changed in your code;

The variables were insecure. Direct entry of user data into a query is bad practice. It could be malicious.

To solve this, I simply checked if the posted variable was set and that it contains data (strlen). After that, you throw it through mysqli_real_escape_string to escape it and make it safe for insertion to the database;

Note: As mysqli_real_escape_string() requires the first parameter to be the database connection, it had to be moved past the database connection;

mysqli_close() requires the database connection parameters of which it is to close.

This just requires $con placing inside it, so it knows which connection to close. In complex systems, with multiple databases in play, missing the connection could cause an issue down the line somewhere

Note: The requirement for first parameter also extends to the mysqli_query() function, which has been changed in the code above too.

来源：https://stackoverflow.com/questions/27897902/php-inserting-into-sql-error