데이터베이스 테이블에 내 양식의 변수를 삽입하는 올바른 구문을 얻으려고합니다.SQL 문에 변수 삽입하기
여기내 양식은 ...
<form name="texcom_daily" method="POST" action="actions/siteSubmit.php">
<input type="hidden" value="<?php echo $_GET['id'] ?>" name="id" />
<table width="450px">
</tr>
<tr>
<td valign="top">
<label for="first_name">First name *</label>
</td>
<td valign="top">
<input type="text" value="<?php echo $_SESSION['first'] ?>" name="first_name" maxlength="50" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="last_name">Last name *</label>
</td>
<td valign="top">
<input type="text" value="<?php echo $_SESSION['last']?>" name="last_name" maxlength="50" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="email">Email Address *</label>
</td>
<td valign="top">
<input type="text" name="email" value="<?php echo $_POST['email']?>" maxlength="80" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="telephone">Telephone Number *</label>
</td>
<td valign="top">
<input type="text" name="telephone" value="<?php echo $_POST['telephone']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="truck_number">Truck Number *</label>
</td>
<td valign="top">
<input type="text" name="truck_number" value="<?php echo $_POST['truck_number']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="truck_milage">Truck Mileage *</label>
</td>
<td valign="top">
<input type="text" name="truck_mileage" value="<?php echo $_POST['truck_mileage'] ?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="carrier">Carrier *</label>
</td>
<td valign="top">
<input type="text" name="carrier" maxlength="40" value="<?php echo $_POST['carrier']?>" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="site_number">Site Number *</label>
</td>
<td valign="top">
<input type="text" name="site_number" value="<?php echo $_POST['site_number']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="lat">Latitude:</label>
</td>
<td valign="top">
<INPUT type="text" name="lat" ID="lat" value="<?php echo $_POST['lat']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="longitude">Longitude:</label>
</td>
<td valign="top">
<input type="text" name="longitude" ID="longitude" value="<?php echo $_POST['longitude']?>" maxlength="40" size="40">
</td>
</tr>
<tr>
<td valign="top">
<label for="comments">Comments *</label>
</td>
<td valign="top">
<textarea name="comments" maxlength="1000" cols="40" rows="6"><?php echo $_POST['comments']?></textarea>
</td>
</tr>
<tr>
<td valign="top">
<label for="job_completion">Job Completion *</label>
<td colspan="2" style="text-align">
<?php $job_completion = isset($_POST['job_completion']) ? $_POST['job_completion'] : ''; ?>
<input type="radio" name="job_completion" value="Yes" <?php echo $job_completion === 'Yes' ? "checked='checked'" : ''?> > Yes
<input type="radio" name="job_completion" value="No" <?php echo $job_completion === 'No' ? "checked='checked'" : ''?>> No
</td>
</tr>
</table>
</form>
여기에 SQL 문입니다. 첫 번째는 작동하지만 sql2는 데이터베이스에 데이터를 입력하지 않습니다.
$sql = "INSERT INTO documents (id, userid, description, name, date) VALUES (NULL, {$_SESSION['id']}, '{$description}' ,'{$filename}', NOW())";
$success = mysql_query($sql);
$sql2 = "INSERT INTO sitesubmit (first_name, last_name, email, telephone, truck_number, truck_mileage, carrier, site_number, lat, longitude, comments, job_completion)
VALUES ('$_POST[first]', '$_POST['last']', '$_POST['email']', '$_POST['telephone']', '$_POST['truck_number']', '$_POST['truck_mileage']', '$_POST['carrier']', '$_POST['site_number']', '$_POST['lat']', '$_POST['longitude']', '$_POST['comments']', '$_POST['job_completion']')";
$success2 = mysql_query($sql2);
공격에 대해 크게 열리게하는 사용자 입력을 피하지 마십시오. 특정 데이터가 제공되면 실패합니다. –