-1
我想顯示用戶插入的數據,以便將其保存到數據庫的2個表中。但是這個代碼不適合我。從用戶輸入的sql中將數據保存到2個表中
$query = "INSERT INTO partnumber (Partnumber, Description, Min, Max) VALUES
('" . $_POST ["part"] . "', '" . $_POST["description"] . "', '" . $_POST["min"] . "', '" . ($_POST["max"]) . "')INSERT INTO forecast (Partnumber, Min, Max) VALUES
('". $_POST ["part"] . "', '" . $_POST["min"] . "','" . ($_POST["max"]) . "')";
$result = $db_handle->insertQuery($query);
if(!empty($result)) {
$error_message = "";
$success_message = "Saved successfully!";
unset($_POST);
} else {
$error_message = "Problem in saving. Try Again!";
}
$sql = "INSERT INTO forecast (Partnumber, Min, Max) VALUES
('". $_POST ["part"] . "', '" . $_POST["min"] . "','" . ($_POST["max"]) . "')";
$result = $db_handle->insertQuery($sql);
if(!empty($result)) {
$error_message = "";
$success_message = "Saved successfully!";
} else {
$error_message = "Problem in saving. Try again!";
}
錯誤是
無效查詢
有人能幫忙嗎?
您的前兩個查詢沒有任何分隔符來分隔它們。您將從分割兩個插入中受益。此外,請注意,您的代碼易受** ** [** SQL注入**](https://en.wikipedia.org/wiki/SQL_injection)影響。你應該使用[** prepared statements **](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)來防止這種情況。你可以參考[**這篇文章**](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)瞭解更多關於如何防止SQL注入的信息在PHP中:) –