SQL插入不起作用

Question

为什么不这么简单的插入工作？没有插入的唯一价值是$ streamName中，如果我删除代码值，则一切正常，下面的代码：

$userId= $_SESSION['kt_login_id']; 
$streamName= $_GET['streamName']; 
$streamDuration= $_GET['streamDuration']; 
$recorderId= $_GET['recorderId']; 

$con = mysql_connect("localhost","wwwmeety_staff","xxxxxx"); 
if (!$con) 
    { 
    die('Could not connect: ' . mysql_error()); 
    } 

mysql_select_db("wwwmeety_ourstaff", $con); 

mysql_query("INSERT INTO recordedvideos (user_id, streamName, record_duration, recorder_id) 
VALUES ($userId, $streamName, $streamDuration, $recorderId)"); 


mysql_close($con); 

和MySQL出口

CREATE TABLE IF NOT EXISTS `recordedvideos` (
    `record_id` int(11) NOT NULL AUTO_INCREMENT, 
    `user_id` int(11) DEFAULT NULL, 
    `streamName` text, 
    `record_duration` text, 
    `recorder_id` text, 
    PRIMARY KEY (`record_id`) 
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; 

Answer 1

你忘了引号的字符串。

mysql_query(
     "INSERT INTO recordedvideos 
     (user_id, streamName, record_duration, recorder_id) VALUES 
     ($userId, '$streamName', '$streamDuration', '$recorderId')" 
      ); 

但是为了避免SQL注入，优选这种方法：http://php.net/manual/en/function.mysql-query.php

$query = sprintf("INSERT INTO recordedvideos 
    (user_id, streamName, record_duration, recorder_id) VALUES 
    ($userId, '%s', '%s', '%s')", 
    mysql_real_escape_string($streamName), 
    mysql_real_escape_string($streamDuration), 
    mysql_real_escape_string($recorderId) 
); 

mysql_query($query); 

Answer 2

的mysql_query（“INSERT INTO recordedvideos（USER_ID，streamName中，record_duration，recorder_id） VALUES（$用户id， '$ streamName中' ，'$ streamDuration'，'$ recorderId'）“）;

将单引号放在字符串类型值周围。

Answer 3

你必须enclose string fields with single quotes

INSERT INTO recordedvideos (user_id, streamName, record_duration, recorder_id) 
VALUES ($userId, '$streamName', '$streamDuration', '$recorderId')