MySQL / php INSERT 语句显示不可预测的结果(无插入)

发布于 2024-10-21 22:10:14 字数 1772 浏览 2 评论 0原文

所有数据都在通过,因为我已经反复进行了充分的测试以确保其完整。我遇到的问题是我的 INSERT 语句:

<?php
$db_name = "db";
$connection = mysql_connect('localhost','root','') or die(mysql_error());
$db = mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "INSERT INTO badges        (id,company_name,company_address,company_city,company_state,company_zip, badge_name,   badge_title) VALUES ";
for($i = 0; $i < count($_POST['badge_name']); $i++) {
$sql = "(
$_SESSION[company_name],
$_SESSION[company_address],
$_SESSION[company_city],    
$_SESSION[company_state],
$_SESSION[company_zip],
".$_POST['badge_name'][$i].",
".$_POST['badge_title'][$i].")";}
$result = mysql_query($sql) or die(mysql_error());
echo print_r($sql);
?>

我的 $sql print_r() 是:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Test Company Name, 1224 Adams Ave, Portland,  Oregon, 97128, Bill Smith, W' at line 2

没有数据插入我的表中。我已经验证和测试了用户/通行证等。一切正常。

为了更好地衡量,这是我的数组输出,显示所有数据均按预期传递。

迈克·琼斯
所有者
测试公司名称
1224 Adams Ave
波特兰
俄勒冈州
97128

比尔·史密斯
工人
测试公司名称
1224 Adams Ave
波特兰
俄勒冈州
97128

我想我在这里错过了一些愚蠢的简单的东西,但刚刚花了 4-5 个小时就开始发疯了!感谢您对我的无知有任何见解!

这是我的表转储以供参考:

CREATE TABLE IF NOT EXISTS `badges` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`company_name` varchar(255) NOT NULL,
`company_address` varchar(255) NOT NULL,
`company_city` varchar(100) NOT NULL,
`company_state` varchar(25) NOT NULL,
`company_zip` varchar(12) NOT NULL,
`badge_name` varchar(100) NOT NULL,
`badge_title` varchar(100) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

All the data is being passed as I have sufficiently tested over and over to ensure it is complete. The problem I am having is with my INSERT statement:

<?php
$db_name = "db";
$connection = mysql_connect('localhost','root','') or die(mysql_error());
$db = mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "INSERT INTO badges        (id,company_name,company_address,company_city,company_state,company_zip, badge_name,   badge_title) VALUES ";
for($i = 0; $i < count($_POST['badge_name']); $i++) {
$sql = "(
$_SESSION[company_name],
$_SESSION[company_address],
$_SESSION[company_city],    
$_SESSION[company_state],
$_SESSION[company_zip],
".$_POST['badge_name'][$i].",
".$_POST['badge_title'][$i].")";}
$result = mysql_query($sql) or die(mysql_error());
echo print_r($sql);
?>

And my $sql print_r() is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Test Company Name, 1224 Adams Ave, Portland,  Oregon, 97128, Bill Smith, W' at line 2

No data is being inserted in my table. I have verified and tested user/pass etc. All working OK.

For good measure, here is my array output showing ALL data is passed as expected.

Mike Jones
Owner
Test Company Name
1224 Adams Ave
Portland
Oregon
97128

Bill Smith
Worker
Test Company Name
1224 Adams Ave
Portland
Oregon
97128

I think I am missing something stupid simple here, but just been on this for 4-5 hours starting to go nuts! Thanks for any insight as to my ignorance!

Here is my table dump for any reference:

CREATE TABLE IF NOT EXISTS `badges` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`company_name` varchar(255) NOT NULL,
`company_address` varchar(255) NOT NULL,
`company_city` varchar(100) NOT NULL,
`company_state` varchar(25) NOT NULL,
`company_zip` varchar(12) NOT NULL,
`badge_name` varchar(100) NOT NULL,
`badge_title` varchar(100) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

滿滿的愛 2024-10-28 22:10:14

这将起作用,注意 sql concat ,用于多次插入

    <?php 
function cleanit($input){
    return mysql_real_escape_string(preg_replace('/[^a-zA-Z0-9\?.,_ -]/s', '', $input));
}
        $db_name = "db";
        $connection = mysql_connect('localhost','root','') or die(mysql_error());
        $db = mysql_select_db($db_name,$connection) or die(mysql_error());
        $sql = "INSERT INTO badges (id,company_name,company_address,company_city,company_state,company_zip, badge_name, badge_title) VALUES ";
        for($i = 0; $i <= count($_POST['badge_name']); $i++) {


        $sql .= '("","'.cleanit($_SESSION['company_name']).'",
        "'.cleanit($_SESSION['company_address']).'",
        "'.cleanit($_SESSION['company_city']).'",    
        "'.cleanit($_SESSION['company_state']).'",
        "'.cleanit($_SESSION['company_zip']).'",
        "'.cleanit($_POST['badge_name'][$i]).'",
        "'.cleanit($_POST['badge_title'][$i]).'")';
        if($i<count($_POST['badge_name'])){$sql .=',';}
     }
        $result = mysql_query($sql) or die(mysql_error());
        echo print_r($sql);
        ?>

this will work, note the sql concat , for multiple inserts

    <?php 
function cleanit($input){
    return mysql_real_escape_string(preg_replace('/[^a-zA-Z0-9\?.,_ -]/s', '', $input));
}
        $db_name = "db";
        $connection = mysql_connect('localhost','root','') or die(mysql_error());
        $db = mysql_select_db($db_name,$connection) or die(mysql_error());
        $sql = "INSERT INTO badges (id,company_name,company_address,company_city,company_state,company_zip, badge_name, badge_title) VALUES ";
        for($i = 0; $i <= count($_POST['badge_name']); $i++) {


        $sql .= '("","'.cleanit($_SESSION['company_name']).'",
        "'.cleanit($_SESSION['company_address']).'",
        "'.cleanit($_SESSION['company_city']).'",    
        "'.cleanit($_SESSION['company_state']).'",
        "'.cleanit($_SESSION['company_zip']).'",
        "'.cleanit($_POST['badge_name'][$i]).'",
        "'.cleanit($_POST['badge_title'][$i]).'")';
        if($i<count($_POST['badge_name'])){$sql .=',';}
     }
        $result = mysql_query($sql) or die(mysql_error());
        echo print_r($sql);
        ?>
三生路 2024-10-28 22:10:14

我认为你的问题不是在插入时将字符串括起来,

$_SESSION[company_name] 

对于其他人来说也是

'$_SESSION[company_name]'

如此,你的字符串不被视为字符串,而是一种 sql 类型的令牌

I think your problem is not enclosing your strings upon insert

$_SESSION[company_name] 

to

'$_SESSION[company_name]'

same goes for others, your string is not treated as a string but an sql sort of token

爱已欠费 2024-10-28 22:10:14

您的错误是您没有正确连接 sql 查询,并尝试在要插入数据库中的值周围使用单引号。它还可能会引发错误。

在此输入代码`

<?
$db_name = "test";
$connection = mysql_connect('localhost','root','') or die(mysql_error());
$db = mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "INSERT INTO badges        (company_name,company_address,company_city,company_state,company_zip, badge_name,   badge_title) VALUES ";

for($i = 0; $i < count($_POST['badge_name']); $i++) 
{
  $sql .= "('". $_SESSION['company_name'] . "','"
            . $_SESSION['company_address'] . "','"
            . $_SESSION['company_city'] . "','"
            . $_SESSION['company_state'] . "','"
            . $_SESSION['company_zip'] . "','"
            . $_POST['badge_name'][$i] . "','"
            . $_POST['badge_title'][$i] ."')";

  if($i<count($_POST['badge_name'])-1){$sql .=',';} // if your array count is more than one than add , to make query compatible with mysql sytax  
}
echo $sql;
$result = mysql_query($sql) or die(mysql_error());

?>`

your error was that you do not concatenate sql query properly and try to use single quotation around value that you are going to insert in database. it may also raise error.

enter code here`

<?
$db_name = "test";
$connection = mysql_connect('localhost','root','') or die(mysql_error());
$db = mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "INSERT INTO badges        (company_name,company_address,company_city,company_state,company_zip, badge_name,   badge_title) VALUES ";

for($i = 0; $i < count($_POST['badge_name']); $i++) 
{
  $sql .= "('". $_SESSION['company_name'] . "','"
            . $_SESSION['company_address'] . "','"
            . $_SESSION['company_city'] . "','"
            . $_SESSION['company_state'] . "','"
            . $_SESSION['company_zip'] . "','"
            . $_POST['badge_name'][$i] . "','"
            . $_POST['badge_title'][$i] ."')";

  if($i<count($_POST['badge_name'])-1){$sql .=',';} // if your array count is more than one than add , to make query compatible with mysql sytax  
}
echo $sql;
$result = mysql_query($sql) or die(mysql_error());

?>`
君勿笑 2024-10-28 22:10:14

工作代码:

for($i = 0; $i < count($_POST['badge_name']); $i++) 
{
$sql .= "('"
        . $_SESSION['company_name'] . "','"
        . $_SESSION['company_address'] . "','"
        . $_SESSION['company_city'] . "','"
        . $_SESSION['company_state'] . "','"
        . $_SESSION['company_zip'] . "','"
        . $_POST['badge_name'][$i] . "','"
        . $_POST['badge_title'][$i] ."')";

if($i<count($_POST['badge_name'])-1){$sql .=',';}  
}

Working code:

for($i = 0; $i < count($_POST['badge_name']); $i++) 
{
$sql .= "('"
        . $_SESSION['company_name'] . "','"
        . $_SESSION['company_address'] . "','"
        . $_SESSION['company_city'] . "','"
        . $_SESSION['company_state'] . "','"
        . $_SESSION['company_zip'] . "','"
        . $_POST['badge_name'][$i] . "','"
        . $_POST['badge_title'][$i] ."')";

if($i<count($_POST['badge_name'])-1){$sql .=',';}  
}
嘿咻 2024-10-28 22:10:14

首先,由于这是一个插入,我们将删除 id,此外,您将在 for 循环中覆盖 $sql($sql = 而不是 $sql .= ) 并且会话密钥格式错误,应引用非整数输入。我假设 zip 存储为整数,如果不添加,请将其更改为 '$_SESSION['company_zip']'

$sql = "INSERT INTO badges (company_name,company_address,company_city,company_state,company_zip,badge_name,badge_title) VALUES ";
for($i = 0; $i < count($_POST['badge_name']); $i++) 
{
     $sql .= "('$_SESSION['company_name']','$_SESSION['company_address']','$_SESSION['company_city']','$_SESSION['company_state']',$_SESSION['company_zip'],'$_POST['badge_name'][$i]','$_POST['badge_title'][$i]')";
}
$result = mysql_query($sql) or die(mysql_error());
echo print_r($sql);
?>

First off, since this is an insertion, we'll remove id, also, you are overwriting $sql in the for loop ($sql = instead of $sql .=) and the session keys are malformed and non-integer inputs should be quoted. I assumed that zip is stored as an integer, if not add change it to '$_SESSION['company_zip']':

$sql = "INSERT INTO badges (company_name,company_address,company_city,company_state,company_zip,badge_name,badge_title) VALUES ";
for($i = 0; $i < count($_POST['badge_name']); $i++) 
{
     $sql .= "('$_SESSION['company_name']','$_SESSION['company_address']','$_SESSION['company_city']','$_SESSION['company_state']',$_SESSION['company_zip'],'$_POST['badge_name'][$i]','$_POST['badge_title'][$i]')";
}
$result = mysql_query($sql) or die(mysql_error());
echo print_r($sql);
?>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文