SQL Insert and Submit

Posted 2019-08-18 05:29

When I execute this query it returns false, which means the query is wrong. Can you figure out why?

$string1 = 'wee';
$string2 = 'wee'; 
$string3 = 'wee'; 
$string4 = 'wee';  

if (isset($_POST['submit'])) {  

    $query = "INSERT INTO data (book, title, content, author)
              VALUES ($string1, $string2, $string3, $string4)";          
    mysql_query($query, $con);    
}

However, when I put something that is like the following, it returns true and inserts correctly:

$query = "INSERT into data (book, title, content, author)
          VALUES ('wee', 'wee', 'wee', 'wee')";

And another question: when I submit, it seems that the query is returning twice when executed which means two records with one query. Does anyone understand that?

If you need more information, just ask.

Thanks in advance.

2 answers
叼着烟拽天下
#2 · 2019-08-18 06:24

Although this question seems answered, you should not be using user input directly in queries as this opens holes for vulnerabilities like SQL Injection (and that's bad mmmay).

If you look at the mysql page on php.net (mysql_query) the page says it is recommended you use an abstraction layer like PDO (pdo-mysql).

Using PDO will allow you to bind parameters to your SQL queries to bypass the security implications of using user input in your queries.

If you don't bind parameters to your queries, you're gonna have a bad time.

贪生不怕死
#3 · 2019-08-18 06:31

Your field data type is string or varchar so you need to put '' or "" around them.

Change your query as below:

$query = "INSERT into data (book, title, content, author) VALUES ('".$string1."', '".$string2."',
         '".$string3."', '".$string4."')";

To resolve the submit issue, please post your HTML code.

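The bound-parameter approach recommended in answer #2, run next to the hand-quoted query from answer #3, as an added example that is not part of the original thread. It assumes the pdo_sqlite extension is available (an in-memory SQLite database stands in for MySQL so the script runs offline); the table layout is inferred from the INSERT in the question and the sample values are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption); with MySQL
// the DSN would look like 'mysql:host=...;dbname=...;charset=utf8mb4' and
// PDO::ATTR_EMULATE_PREPARES would normally be set to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE data (book TEXT, title TEXT, content TEXT, author TEXT)');

// Constructed sample input standing in for form fields. The apostrophes are
// ordinary data, but they are what breaks a query built by string quoting.
$input = [
    'book'    => 'wee',
    'title'   => "Reader's Guide",
    'content' => 'wee',
    'author'  => "O'Brien",
];

// 1) Hand-quoted concatenation, in the style of answer #3. The value is
//    pasted into the SQL text, so the apostrophe closes the literal early.
$concat = "INSERT INTO data (book, title, content, author) VALUES ('"
    . $input['book'] . "', '" . $input['title'] . "', '"
    . $input['content'] . "', '" . $input['author'] . "')";
try {
    $pdo->exec($concat);
    echo "concatenated query: inserted\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 2) Bound parameters, as answer #2 recommends. The SQL text is fixed and the
//    values travel separately, so no quoting or escaping is written by hand.
$stmt = $pdo->prepare(
    'INSERT INTO data (book, title, content, author)
     VALUES (:book, :title, :content, :author)'
);
$stmt->execute($input);
echo "prepared statement: inserted ", $stmt->rowCount(), " row\n";

// The values are stored exactly as supplied, apostrophes included.
foreach ($pdo->query('SELECT title, author FROM data') as $row) {
    echo $row['title'], ' / ', $row['author'], "\n";
}
```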