0
我已经创建了一个表单,这里是插入命令将值插入到数据库中。第一个查询$ query1被执行,但第二个不是。所以,我得到了“卖家INSERT失败”在单个表格中插入到多个php表中
<?php
$book_author = mysqli_real_escape_string($con, $_POST['b_author']);;
$book_branch = mysqli_real_escape_string($con, $_POST['b_branch']);
$book_edit = mysqli_real_escape_string($con, $_POST['b_edit']);
$book_name = mysqli_real_escape_string($con, $_POST['b_name']);
$book_price = mysqli_real_escape_string($con, $_POST['b_price']);
$book_pub = mysqli_real_escape_string($con, $_POST['b_pub']);
$book_qty = mysqli_real_escape_string($con, $_POST['b_qty']);
$name = mysqli_real_escape_string($con, $_POST['s_name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$phNo = mysqli_real_escape_string($con, $_POST['phNo']);
$clg = mysqli_real_escape_string($con, $_POST['college']);
$query1 = "INSERT INTO `book_info`(book_author,book_branch,book_edit,book_name,book_price,book_pub,book_qty) VALUES".
"('$book_author','$book_branch','$book_edit','$book_name','$book_price','$book_pub','$book_qty')";
$query2 = "INSERT INTO `seller_info`(seller_name,seller_email,seller_phno,seller_college) VALUES".
"('$name','$email','$phNo','$clg')";
$result1 = mysqli_query($con, $query1);
$result2 = mysqli_query($con, $query2);
if (!$result1)
echo "Book INSERT failed: $query1";
if (!$result2)
echo "seller INSERT failed $query2 <br />".
mysql_error() . "<br /><br />";
?>
只是一种猜测,究竟是seller_phno?你的意思是seller_phone? – michaelbn 2014-09-30 15:06:36
使用'mysqli'时,您应该使用参数化查询和['bind_param'](http://php.net/manual/en/mysqli-stmt.bind-param.php)将用户数据添加到您的查询中。 **不要**使用字符串插值来实现此目的,因为您将创建严重的[SQL注入漏洞](http://bobby-tables.com/)。占位符还可以避免您在那里发生的巨大“逃生线”呼叫。 – tadman 2014-09-30 15:08:44