What is this MySQL syntax error?

Time: 2016-04-06 23:01:29

Tags: php mysql

I have read the 5.1.73 MySQL manual, and I cannot find the syntax error MySQL gives me when I try to POST / GET:

mysqli_query($connect,'INSERT INTO serial (name, company, algo, country, notes) VALUES ('.$_GET['name'].','.$_GET['company'].','.$_GET['algo'].','.$_GET['country'].','.$_GET['notes'].')');   

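MySQL error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FCINGZ000 ***, unknown, thanks' at line 1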

1 answer:

Answer 0: (score: 0)

You should assign the $_GET values to variables to prevent syntax errors. Also, use mysqli_real_escape_string() to prevent MySQL injection.

$name = mysqli_real_escape_string($connect, $_GET['name']);
$company = mysqli_real_escape_string($connect, $_GET['company']);
$algo = mysqli_real_escape_string($connect, $_GET['algo']);
$country = mysqli_real_escape_string($connect, $_GET['country']);
$notes = mysqli_real_escape_string($connect, $_GET['notes']);

mysqli_query($connect, "INSERT INTO serial (name, company, algo, country, notes) VALUES ('$name', '$company', '$algo', '$country', '$notes')");
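
The same INSERT written with bound parameters, as an added example that is not part of the question or the answer above. The query in the question concatenates the values without quotes, so MySQL parses them as SQL text; with placeholders the values never enter the SQL string and need neither quoting nor escaping. It assumes `$connect` is an open mysqli connection; the function name `insert_serial` and the constant `SERIAL_FIELDS` are hypothetical.

```php
<?php
// Added example. Assumes $connect is an open mysqli connection and that
// the `serial` table has the five columns named in the question.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical constant: the request fields, in column order.
const SERIAL_FIELDS = ['name', 'company', 'algo', 'country', 'notes'];

/**
 * Insert one row into `serial` using a prepared statement.
 * Returns the number of rows inserted (1 on success).
 */
function insert_serial(mysqli $connect, array $input): int
{
    $values = [];
    foreach (SERIAL_FIELDS as $field) {
        // Reject missing or non-string input; a request such as
        // ?name[]=x arrives in $_GET as an array, not a string.
        if (!isset($input[$field]) || !is_string($input[$field])) {
            throw new InvalidArgumentException("missing or invalid field: $field");
        }
        $values[] = $input[$field];
    }

    // The SQL text is a constant; the server receives the values separately.
    $stmt = $connect->prepare(
        'INSERT INTO serial (name, company, algo, country, notes) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', ...$values); // five string parameters
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();

    return $rows;
}

// Usage with the request data from the question:
// $rows = insert_serial($connect, $_GET);
```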