我试图将表单数据插入数据库中的表之一.要插入的数据是名称,电子邮件,当前日期和用户兴趣.
这是代码.

if (isset($_POST['name'])) {
   $name = $_POST['name'];
   $email = $_POST['email'];
   $intrests = $_POST['intrests'];
   $default_intrests = array("mob","pcs","scm","oth");
   $interests = "";
   if (count($intrests) == 0) {
      $interests = implode(",", $default_intrests);
   }
   else {
          $interests = implode(",", $intrests);
   }

   $sqll="insert into subscriptions (name,email,subdate,intrests) values ($name,$email,CURRENT_DATE, $interests)";
   $insert = MysqLi_query($link, $sqll);
   if (!$insert) {
      echo MysqLi_error($link);
   }
}

在提交表单时,显示以下错误：

You have an error in your sql Syntax; check the manual that corresponds to your MariaDB server version for the right Syntax to use near ‘dsa,asdf@qwer.com,CURRENT_DATE, mob)’ at line 1

解决方法:

将’添加到值,因为其中一些是字符串

 $sqll="insert into subscriptions (name,email,subdate,intrests)
     values ('$name','$email',CURRENT_DATE, '$interests')";

实际上,直接将参数写入sql是一个不好的主意,最好使用prepared-statements来执行,避免使用SQL Injection