這是接受的語法嗎?更重要的是,它會起作用嗎?MySQL表插入
$temp = mysql_query("INSERT INTO streamer_ids (username,streamer_id,premium) VALUES($username,$randstring,0)");
$temp->closeCursor();
這是接受的語法嗎?更重要的是,它會起作用嗎?MySQL表插入
$temp = mysql_query("INSERT INTO streamer_ids (username,streamer_id,premium) VALUES($username,$randstring,0)");
$temp->closeCursor();
你需要把周圍的字符串引號,使其工作。
mysql_query("INSERT INTO streamer_ids (username,streamer_id,premium)
VALUES('$username', '$randstring', '0')");
Sp。如果您連接到MySQL,那麼它將適用於這些更改。另外,不要忘記對SQL注入攻擊採取預防措施。對於這一點,你應該運行查詢前這樣對所有的變量:
$username = mysql_real_escape_string($username);
$randstring = mysql_real_escape_string($randstring);
$premium = intval($premium); //supposing it is always integer.
謝謝,我相信這是你第二次幫我出來:) – 2010-12-09 05:30:12
也,請注意魔術引號,尤其是magic_quotes_gpc,默認情況下在5.3.0之前的PHP中啓用:http://php.net/manual/en/security.magicquotes.php – 2010-12-09 07:49:45
$tempquery = "INSERT INTO streamer_ids (username,streamer_id,premium) VALUES($username,$randstring,0);
$result = mysql_query($tempquery);
感謝。
可能重複[MySQL表插入](http://stackoverflow.com/questions/4394723/mysql-table-insertion) – InSane 2010-12-09 04:41:29