【发布时间】:2017-08-27 10:41:36
【问题描述】:
我在将 cmets 插入我的博客(PHP、MySQL、HTML、CSS)时遇到问题。 我在 MySQL 中有一个数据库:
- 帖子(id、类别、标题、正文、作者、标签、日期),
- cmets(id、post_id、作者、电子邮件、内容、日期),
- 类别(ID、名称)
我不确定如何将 post_id 插入 cmets 表。我尝试了很多选项并收到此消息,但我不确定我在哪里犯了错误。 我没有第 137 行,但我知道问题出在插入查询中。有人可以帮我弄清楚吗?
消息:
您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在第 137 行的 '' 附近使用正确的语法
<?php include 'includes/header.php'; ?>
<?php
$id = $_GET['id'];
//Create DB Object
$db = new Database();
//Create Query
$query = "SELECT * FROM posts WHERE id = ".$id;
//Run Query
$post = $db->select($query)->fetch_assoc();
//Create Query
$query = "SELECT * FROM categories";
//Run Query
$categories = $db->select($query);
//add code
//Create Query
$query = "SELECT * FROM comments WHERE post_id = ".$id;
//Run Query
$comments = $db->select($query);
//test if the form is submitted
if(isset($_POST['submit']))
{
//Assign Vars
//$post_id = mysqli_real_escape_string($db->link, $_POST['post_id']);
//$post_id = $id;
//if(!is_numeric($post_id))
// die('invalid post id');
$author = mysqli_real_escape_string($db->link, $_POST['author']);
$email = mysqli_real_escape_string($db->link, $_POST['email']);
$content = mysqli_real_escape_string($db->link, $_POST['content']);
//Simple Validation
if($post_id == '' || $author == '' || $email == '' || $content == '')
{
//Set Error
$error = 'Please fill out all required fields';
}
else
{
$query = "INSERT INTO comments (post_id, author, email, content)
VALUES('$post_id', '$author', '$email', '$content')";
$insert_row = $db->insert($query);
}
}
?>
<!-- dodajemy kod-->
<div class="blog-post">
<h2 class="blog-post-title"><?php echo $post['title']; ?></h2>
<p class="blog-post-meta"><?php echo formatDate($post['date']); ?> by <a href="#"><?php echo $post['author']; ?></a></p>
<?php echo $post['body']; ?>
</div><!-- /.blog-post -->
<!-- dodajemy kod-->
<?php if($comments) : ?>
<?php echo '<ol id="comments">'; ?>
<?php while($row = $comments->fetch_assoc()) : ?>
<?php echo '<li id="comment-'.$row['id'].'">'; ?>
<p><a href="#"><?php echo $row['author']; ?></a> - <?php echo formatDate($row['date']); ?> </p>
<?php echo $row['content']; ?>
<?php echo '</li>'; ?>
<?php endwhile; ?>
<?php echo '</ol>'; ?>
<?php else : ?>
<p>There are no comments yet</p>
<?php endif; ?>
<br>
<form role="form" method="post" action="post.php">
<div class="form-group">
<label>Author</label>
<input name="author" type="text" class="form-control" placeholder="Enter Author Name">
</div>
<div class="form-group">
<label>Email</label>
<input name="email" type="text" class="form-control" placeholder="Enter Email Adress">
</div>
<div class="form-group">
<label>Content</label>
<textarea name="content" class="form-control" placeholder="Enter Comment Content"></textarea>
</div>
<div class="form-group">
<input type='hidden' name='post_id' id='post_id' value='<?php echo $id; ?>' />
</div>
<div>
<input name="submit" type="submit" class="btn btn-default" value="Submit" />
<a href="index.php" class="btn btn-default">Cancel</a>
</div>
<br>
</form>
<?php include 'includes/footer.php'; ?>
【问题讨论】:
-
将您的代码粘贴到这里,而不是其他一些资源上
-
使用反斜杠转义每个
'时,您想达到什么目的? -
这是一个非常简单的验证,以便不在数据库中插入空数据还是您的意思是查询?
-
我添加了代码:post.php 供查看。
-
尝试:$query = "SELECT * FROM posts WHERE id = '$id'";