php 将会话变量插入 MySQL 数据库
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10402894/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Insert session variable into MySQL database
提问by user1368371
Hey I am new to PHp and I am trying to enter details into my database. I am trying to enter an eventname- which the user enters (POST) and the username of the logged in user.
嘿,我是 PHp 的新手,我正在尝试将详细信息输入到我的数据库中。我正在尝试输入一个事件名称 - 用户输入(POST)和登录用户的用户名。
I have created sessions to store users usernames, the code i have is
我创建了会话来存储用户用户名,我拥有的代码是
$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername']
$sql = mysql_query("INSERT INTO $tbl_nameVALUES('','$eventname','$_SESSION['myusername'])");
echo "You have been added to the event";
Its the $sql statement which is giving the error? any help would be much appreciated.
它是给出错误的 $sql 语句?任何帮助将非常感激。
Thanks all!
谢谢大家!
回答by Michael Berkowski
There are several potential problems here.
这里有几个潜在的问题。
First, you have not escaped eventnameagainst SQL injection. We assume hopefully that myusernameis already safe. If it has not been previously filtered, also use mysql_real_escape_string()on $_SESSION['myusername'].
首先,您没有逃脱eventnameSQL 注入。我们假设希望这myusername已经是安全的。如果之前没有过滤,也使用mysql_real_escape_string()on $_SESSION['myusername']。
$eventname = mysql_real_escape_string($_POST['eventname']);
// Then you need space before VALUES and are missing a closing quote on $_SESSION['myusername'], which should be in {}
$sql = mysql_query("INSERT INTO $tbl_name VALUES('','$eventname','{$_SESSION['myusername']}')");
Finally, in order for the statement to work, it assumes you have exactly three columns in $tbl_name. You should be explicit about the columns used. Substitute the correct column names for colname1, event_name, username.
最后,为了使语句起作用,它假设您在$tbl_name. 您应该明确使用的列。用正确的列名替换colname1, event_name, username.
$sql = mysql_query("INSERT INTO $tbl_name (colname1, event_name, username) VALUES('','$eventname','{$_SESSION['myusername']}')");
The exact locations of SQL syntax errors will be revealed to you with some basic error checking via mysql_error().
SQL 语法错误的确切位置将通过一些基本的错误检查通过mysql_error().
$sql = mysql_query(<your insert statement>);
if (!$sql) {
echo mysql_error();
}
回答by pollirrata
You're missing a 'on your insert statement. Try this
您'的插入语句中缺少 a 。尝试这个
INSERT INTO $tbl_name VALUES('','$eventname','$_SESSION['myusername']')
回答by Phoenix
Hope it help you...
希望能帮到你...
$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername'];
$sql = mysql_query("INSERT INTO tbl_name VALUES('','$eventname','".$_SESSION['myusername'])."'");
echo "You have been added to the event";
回答by SenorAmor
Remove the single quotes around the key in your $_SESSIONarray:
删除$_SESSION数组中键周围的单引号:
$sql = mysql_query("INSERT INTO $tbl_name VALUES('', '$eventname', '$_SESSION[myusername])");
回答by CodeCaster
You need a space between $tbl_nameand VALUES, and indeed a 'after $_SESSION['myusername'].
您需要在$tbl_nameand之间留一个空格VALUES,实际上是一个'after $_SESSION['myusername']。
And look up SQL injection.
并查找 SQL 注入。
