Can someone help me figure out why this code isn't working.
I am connected to the DB. This snippet is within php tags.
$result=mysql_query("INSERT INTO attendee开发者_StackOverflow中文版ser (firstName, lastName, shirtSize, title, organization, emailAddress, q1, q2, q3, refId)
VALUES ('$_POST[firstName]', '$_POST[lastName]', '$_POST[shirtSize]', '$_POST[title]', '$_POST[organization]', '$_POST[emailAddress]', '$_POST[q1]', '$_POST[q2]', '$_POST[q3]', 'NULL')");
I figured it out. I didn't have q3 as a field in the table.
Yeah, someone probably entered a quote or something. DO NOT INSERT THIS WAY, you are wide open to SQL injection attacks.
Use PDO, or mysql_real_escape_string()
at a minimum.
execute this
if(!mysql_query("INSERT INTO attendeeser (firstName, lastName, shirtSize, title, organization, emailAddress, q1, q2, q3, refId)
VALUES ('$_POST[firstName]', '$_POST[lastName]', '$_POST[shirtSize]', '$_POST[title]', '$_POST[organization]', '$_POST[emailAddress]', '$_POST[q1]', '$_POST[q2]', '$_POST[q3]', 'NULL')")){
echo mysql_error();
}
that will display the error generated by mysql.
精彩评论