我有一个表列
log_id作为primary_key auto_increment。
我是否需要在INSERT INTO语句中指定它?
我在尝试将值插入数据库时遇到下一个错误:
您的SQL语法有错误;查看与MySQL服务器版本对应的手册,以获得在"(log_session,log_ip,log_vrijeme,log_model(my_log VALUES('270043ae1526e4',位于第1行INSERT INTO(log_session,log_ip,log_vri jeme,log_model<?php $_SESSION['compare_hash'] = "270043ae1526e44967889b4382ff69fd"; $log_session = $_SESSION['compare_hash']; $log_ip = $_SERVER['REMOTE_ADDR']; $log_vrijeme = date("Y-m-d H:i:s"); $log_model = "1402"; $con = mysqli_connect("localhost","user","password","databse"); $sql = " INSERT INTO (log_session,log_ip,log_vrijeme,log_model) my_log VALUES ('$log_session','$log_ip','$log_vrijeme','$log_model') "; $rez = mysqli_query($con, $sql) or die(mysqli_error($con)."<br>$sql"); mysqli_close($con); ?>
表格结构:
Field Type Null Key Default Extra log_id int(11) NO PRI NULL auto_increment log_session varchar(42) NO MUL NULL log_ip varchar(15) NO NULL log_vrijeme datetime NO MUL NULL log_model int(11) NO MUL NULL
谢谢你的帮助。
您应该将my_log
放在INSERT INTO
之后:
<?php
$_SESSION['compare_hash'] = "270043ae1526e44967889b4382ff69fd";
$log_session = $_SESSION['compare_hash'];
$log_ip = $_SERVER['REMOTE_ADDR'];
$log_vrijeme = date("Y-m-d H:i:s");
$log_model = "1402";
$con = mysqli_connect("localhost","user","password","databse");
$sql = "
INSERT INTO my_log (log_session,log_ip,log_vrijeme,log_model)
VALUES ('$log_session','$log_ip','$log_vrijeme','$log_model')
";
$rez = mysqli_query($con, $sql) or die(mysqli_error($con)."<br>$sql");
mysqli_close($con);
?>
但是,您的代码有几个缺点,稍后我将对它们进行描述。
1.不要将未标注大小的变量传递到查询中直到你别无选择。使用mysqli_real_escape_string($con, $your_var)
来防止SQL注入,而使用PDO会使其变得更好。
2.使用HEREDOC语法以确保未来编辑期间的查询一致性通过这种方式,即使有人将"
放入查询中,它仍然可以按预期工作。
3.如果下面没有任何内容,请省略PHP文件末尾的结束标记这将防止出现令人惊讶的错误。
<?php
$_SESSION['compare_hash'] = "270043ae1526e44967889b4382ff69fd";
$con = mysqli_connect("localhost","user","password","databse");
$log_session = mysqli_real_escape_string($con, $_SESSION['compare_hash']);
$log_ip = mysqli_real_escape_string($con, $_SERVER['REMOTE_ADDR']);
$log_vrijeme = mysqli_real_escape_string($con, date("Y-m-d H:i:s"));
$log_model = mysqli_real_escape_string($con, "1402");
$sql = <<<SQL
INSERT INTO my_log (log_session,log_ip,log_vrijeme,log_model)
VALUES ('${log_session}','${log_ip}','${log_vrijeme}','${log_model}')
SQL;
$rez = mysqli_query($con, $sql) or die(mysqli_error($con)."<br>$sql");
mysqli_close($con);