开发者

insert - not recorded field in the table

开发者 https://www.devze.com 2023-01-29 21:48 出处:网络
INSERT INTO `jos1_content` (`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
INSERT INTO `jos1_content` 
  (`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
VALUES  
  ($title, $introtext, $fulltext, 1, 1, $catid, 5)

Query is made up of php script. Derivation of variables shows that they are not empty. At the request of phpMyAdmin shows the error:

1064 - You ha开发者_开发问答ve an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '


You need to use single quotes to indicate strings to SQL - use:

INSERT INTO `jos1_content` 
  (`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
VALUES  
  ('". $title ."', '". $introtext ."', '". $fulltext ."', 1, 1, $catid, 5)

A safer means would be to use:

$query = sprintf("INSERT INTO `jos1_content` 
                    (`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
                  VALUES  
                   ('%s', '%s', '%s', 1, 1, %d, 5)",
        mysql_real_escape_string($title),
        mysql_real_escape_string($introtext),
        mysql_real_escape_string($fulltext),
        $catid);

Reference:

  • SPRINTF
  • MYSQL_REAL_ESCAPE_STRING


You need to surround your PHP variables that are being inserted into string-type fields with quotes:

INSERT INTO `jos1_content` 
(`title`, `introtext`, `fulltext`, `state`, `sectionid`, `catid`, `attribs`)
VALUES  
('$title', '$introtext', '$fulltext', 1, 1, $catid, 5)


Read about prepared statements in the manual of your programming language or use mysql_escape_string.

0

精彩评论

暂无评论...
验证码 换一张
取 消