当我尝试打开此php页面时,我在error_log中收到以下错误。我不确定我的错误是什么,我检查并仔细检查了代码,有人可以帮忙。
[26-Jul-2013 11:29:51 UTC] PHP Parse error: syntax error, unexpected T_STRING in /home/robbiewi/public_html/forumtest/create_cat.php on line 18
。
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
echo "<form method='post' action=''>
Category name: <input type='text' name='cat_name' />
Category description: <textarea name='cat_description' /></textarea>
<input type='submit' value='Add category' />
</form>";
}
else
{
//the form has been posted, so save it
$sql = 'ìINSERT INTO categories(cat_name, cat_description)'
VALUES('' . mysql_real_escape_string($_POST['cat_name']) .ì',
'' . mysql_real_escape_string($_POST['cat_description']) . ì')';
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Error' . mysql_error();
}
else
{
echo 'New category successfully added.';
}
}
?>
我正在使用Dreamweaver并指出错误,但它最密集地告诉我错误。
答案 0 :(得分:3)
您过早结束查询字符串:
ql = 'ìINSERT INTO categories(cat_name, cat_description)'
你也没有逃避'左右的价值观,使用\'或最好"
正确的语法和通常更清晰的版本:
$sql = "INSERT INTO
categories
(cat_name, cat_description)
VALUES
('".mysql_real_escape_string($_POST['cat_name'])."', '".mysql_real_escape_string($_POST['cat_description'])."')";
我还建议更清晰地使用变量,例如:
$name = mysql_real_escape_string($_POST['cat_name']);
$description = mysql_real_escape_string($_POST['cat_description']);
$sql = "INSERT INTO
categories
(cat_name, cat_description)
VALUES
('".$name."', '".$description."')";
答案 1 :(得分:0)
sql查询中的引号问题
纠正合成器
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
echo "<form method='post' action=''>
Category name: <input type='text' name='cat_name' />
Category description: <textarea name='cat_description' /></textarea>
<input type='submit' value='Add category' />
</form>";
}
else
{
//the form has been posted, so save it
$sql = 'INSERT INTO categories(cat_name, cat_description)
VALUES("' . mysql_real_escape_string($_POST['cat_name']) .'",
"' . mysql_real_escape_string($_POST['cat_description']) . '");';
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Error' . mysql_error();
}
else
{
echo 'New category successfully added.';
}
}
答案 2 :(得分:0)
$sql = 'INSERT INTO categories(cat_name, cat_description)VALUES("" . mysql_real_escape_string($_POST["cat_name"]) .ì",
"" . mysql_real_escape_string($_POST["cat_description"]) . ì")';
尝试使用此
答案 3 :(得分:0)
试试这个:
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
echo "<form method='post' action=''>
Category name: <input type='text' name='cat_name' />
Category description: <textarea name='cat_description' /></textarea>
<input type='submit' value='Add category' />
</form>";
}
else
{
//the form has been posted, so save it
$sql = '
INSERT INTO categories(
cat_name,
cat_description
)VALUES(
"'.mysql_real_escape_string($_POST['cat_name']).'",
"'.mysql_real_escape_string($_POST['cat_description']).'"
)';
$result = mysql_query($sql);
if(!$result){
//something went wrong, display the error
echo 'Error' . mysql_error();
}
else
{
echo 'New category successfully added.';
}
}
没有字符串转义。例如。 。 ' =&gt; \'
不过我建议更好的数据过滤器
答案 4 :(得分:0)
您的查询中的引用问题。
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
echo "<form method='post' action=''>
Category name: <input type='text' name='cat_name' />
Category description: <textarea name='cat_description' /></textarea>
<input type='submit' value='Add category' />
</form>";
}
else
{
//the form has been posted, so save it
$sql = '
INSERT INTO categories(
cat_name,
cat_description
)VALUES(
"'.mysql_real_escape_string($_POST['cat_name']).'",
"'.mysql_real_escape_string($_POST['cat_description']).'"
)';
$result = mysql_query($sql);
if(!$result){
echo 'Error' . mysql_error();
}
else
{
echo 'New category successfully added.';
}
}