插入语句不起作用PHP [关闭]

Question

下面的代码应该获取用户的输入并将其插入到客户表中。但是，我收到错误：queryIncorrect integer value 的问题：第 1 行的列“customerID”的“customerid”。有人可以帮忙吗？谢谢

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-
strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Prac 2 Task 12</title>

</head>

<body>
<?php

 $conn = mysql_connect("localhost", "user", "password"); 
 mysql_select_db("factory291", $conn) 
 or die ('Database not found ' . mysql_error() ); 
 $sql = "SELECT * FROM customer"; 
 $rs = mysql_query($sql, $conn) 
 or die ('Problem with query' . mysql_error()); 

$ename = $elname = $ecus = $epcode = "";
$fnamecus = $lnamecus = $idcus = $pcde = "";

$error_report = false;

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["customerid"])) {
     $ecus = "Customer ID is required";
$error_report = true;
   } else {
     $idcus = input_t($_POST["customerid"]);
     // check if numeric
     if (preg_match("/[^0-9]/",$idcus)) {
       $ecus = "Only numbers allowed"; 
$error_report = true;
}
    if(strlen($idcus) != 6 && ($idcus) != null)
{
      $ecus = "Customer ID must be 6 digits"; 
$error_report = true;
}
   }
   if (empty($_POST["customerfname"])) {
     $ename = "First name is required";
$error_report = true;
   } else {
     $fnamecus= input_t($_POST["customerfname"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z-]*$/",$fnamecus)) {
       $ename = "Only alphabetic letters and hyphen";
$error_report = true; 
     }
    if(strlen($fnamecus) > 20 && ($fnamecus) != null)
{
      $ename = "First name can't be more that 20 characters long"; 
$error_report = true;
}
   }
if (empty($_POST["customerlname"])) {
     $elname = "Last name is required";
$error_report = true;
   } else {
     $lnamecus = input_t($_POST["customerlname"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z-]*$/",$lnamecus)) {
       $elname = "Only alphabetic letters and hyphen";
$error_report = true; 
     }
  if(strlen($lnamecus) > 20 && ($lnamecus) != null)
{
      $elname = "Last name can't be more that 20 characters long";
$error_report = true; 
}
   }
if (!is_null($_POST["postcode"])) {
     $pcde = input_t($_POST["postcode"]);
     // check if name only contains letters and whitespace
     if (preg_match("/[^0-9]/",$pcde)) {
       $epcode = "Only numbers allowed";
$error_report = true; 
     }
    if(strlen($pcde) != 4 && ($pcde) != null)
{
      $epcode = "Post code must be 4 digits";
$error_report = true; 
}
  } 
}
if($error_report != true) {
$query="INSERT INTO customer (customerID, firstName, lastName, Address, suburb, state, postcode)
VALUES ('".$_POST['customerid']."', '".$_POST['customerfname']."', '".$_POST['customerlname']."', 
'".$_POST['customeraddress']."', '".$_POST['suburb']."', 
'".$_POST['state']."', '".$_POST['postcode']."')";
echo "correct";

}



function input_t($data) {
   $data = trim($data);
   $data = stripslashes($data);
   $data = htmlspecialchars($data);
   return $data;
}
?>


<h1>Customer Information Collection <br /></h1>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="custinfo" >
   <table>
   <tr>
        <td><label for="customerid">Customer ID (integer value): </label></td>
        <td><input type="text" id="customerid" name="customerid" size=11 value="<?php 
echo $idcus;?>"/><span class="error">* <?php echo $ecus;?></span></td>
    </tr>
   <tr>
        <td><label for="customerfname">Customer Frist Name: </label></td>
        <td><input type="text" id="customerfname" name="customerfname" size=50 value="<?php 
echo $fnamecus;?>"/><span class="error">* <?php echo $ename;?></span></td>
    </tr>
    <tr>
        <td><label for="customerlname">Customer Last Name: </label></td>
        <td><input type="text" id="customerlname" name="customerlname" size=50 value="<?php 
echo $lnamecus;?>"/><span class="error">* <?php echo $elname;?></span></td>
    </tr>
   <tr>
        <td><label for="customeraddress">Customer Address: </label></td>
        <td><input type="text" id="customeraddress" name="customeraddress" size=65/></td>

        <td><label for="suburb"> Suburb: </label></td>
    <td><input type="text" id="suburb" name="suburb"/></td>
   </tr>
   <tr>
   <td>
    State:<select name="state" id="state">
        <option value="select">--</option>
        <option value="ACT">ACT</option>
        <option value="NSW">NSW</option>
        <option value="NT">NT</option>
        <option value="QLD">QLD</option>
        <option value="SA">SA</option>
        <option value="TAS">TAS</option>
        <option value="VIC">VIC</option>
         <option value="WA">WA</option>
      </select>
 </td>
    <td><label for="postcode"> Post Code: </label><input type="text" id="postcode" 
name="postcode" size=4 value="<?php 
echo $pcde;?>"/><span class="error"><?php echo $epcode;?></span></td>
   </tr>
   </table>
    <p><input type="submit" value="Save Data"/>&nbsp;<input type="reset" value="Clear Form" />
  </tr>
  </form>


</body>
</html>

Answer 1

你的问题是不正确地使用引号：

$query="INSERT INTO customer (customerID, firstName, lastName, Address, suburb, state, postcode)
VALUES ('customerid', 'customerfname', ‘customerlname', 'customeraddress', 'suburb', 
'state', 'postcode')";

您正在提交文字字符串值，'customerid' 等。

从您的代码来看，您似乎想使用 $_POST 值，如下所示：

$query="INSERT INTO customer (customerID, firstName, lastName, Address, suburb, state, postcode)
VALUES ('".$_POST['customerid']."', '".$_POST['customerfname']."', '".$_POST['customerlname']."', '".$_POST['customeraddress']."', '".$_POST['suburb']."', 
'".$_POST['state']."', '".$_POST['postcode']."')";

还有：

• 请不要使用mysql_* 函数。它们已被弃用。使用 MySQLi 或 PDO。
• 您对 SQL 注入持开放态度。您需要对数据进行转义，或者使用准备好的语句更好。