SQL 通过 php 将用户添加到数据库时出现语法错误

SQL syntax error when adding a user to the database through php

我试图通过我的 php 网页上的管理控制面板添加用户,但出现此错误。 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax我似乎一辈子都找不到问题,这是完整的页面代码。

<?php
include('session.php');
?>
<?php include ("db.php"); ?>
<?php

    if (isset($_POST['create'])) {
        $Username = mysql_real_escape_string($_POST['Username']);
        $password = mysql_real_escape_string($_POST['password']);
        $sex = mysql_real_escape_string($_POST['sex']);
        $email = mysql_real_escape_string($_POST['email']);
        $passwordmd5 = md5($password);

        $sql="INSERT INTO `username` (`username`, `password`, `email`, `name`, `dob`, `sex`, `phone`, `imagelink`, `coverimage`, `hobby`, `Bio`) VALUES ('$_POST[Username]','$passwordmd5','$_POST[email]','$_POST[name]','$_POST[dob]','$_POST[sex]','$_POST[phone]','$_POST[imagelink]','$_POST[coverpicture]'),'$_POST[hobby]','$_POST[bio]'";

        mysql_query($sql) or die(mysql_error());

        include ("addition_successful.php");
        exit();
    }

?>
<!DOCTYPE html>
<html lang="en">

<head>
    <title>Network TV - Add Record</title>
    <meta charset="utf-8" />
    <link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>
<div class="container">
    <div class="content">
        <h1>Network TV Add new user</h1>
        <br>
        <div class="toolbar">
            <a href="data_display.php">Return to the main page</a>
        </div>
        <br>
    </div>
</div>
<div class="container">
    <div class="content">
        <div class="separator"></div>
        <h2>User details</h2>
        <div class="separator"></div>
        <form method="POST" action="<?php echo basename($_SERVER['PHP_SELF']); ?>">
            <p>Username:</p>
            <p><input type="text" name="Username" id="Username" placeholder="Input Username here ... "></p>
            <p>password:</p>
            <p><input type="text" name="password" id="password" placeholder="Input password here ... "></p>
            <p>email:</p>
            <p><input type="text" name="email" id="email" placeholder="Input Email address  here ... "></p>
            <p>Name:</p>
            <p><input type="text" name="name" id="name" placeholder="Input name here ... "></p>
            <p>Date of birth:</p>
            <p><input type="date" name="dob" id="dob" placeholder="Input date of birth here ... "></p>
            <p>Gender:</p>
            <p><input type="text" name="sex" id="sex" placeholder="Input gender here ... "></p>
            <p>Phone Number:</p>
            <p><input type="text" name="phone" id="phone" placeholder="Input phone number here ... "></p>
            <p>Profile Picture:</p>
            <p><input type="text" name="imagelink" id="imagelink" placeholder="Input profile picture link here ... "></p>
            <p>Cover Picture:</p>
            <p><input type="text" name="coverpicture" id="coverpicture" placeholder="Input cover picture link here ... "></p>
            <p>Hobbys:</p>
            <p><input type="text" name="hobby" id="hobby" placeholder="Input hobbys here ... "></p>
            <p>Bio:</p>
            <p><input type="text" name="bio" id="bio" placeholder="Input bio here ... "></p>



            <p><input type="submit" name="create" value="Create New Record"></p>
        </form>
        <div class="separator"></div>
    </div>
</div>
</body>

</html>

session.php只是在用户登录时创建会话,db只是Mysql的数据库连接。

更新

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''None','None'' at line 1

你的结尾 ) 写错了地方:

'$_POST[coverpicture]'),'$_POST[hobby]','$_POST[bio]'";
                   ^^^^^
                    HERE

将其移至您的 VALUES 的末尾:

$sql="INSERT INTO `username` (`username`, `password`, `email`, `name`, `dob`, `sex`, `phone`, `imagelink`, `coverimage`, `hobby`, `Bio`) VALUES ('$_POST[Username]','$passwordmd5','$_POST[email]','$_POST[name]','$_POST[dob]','$_POST[sex]','$_POST[phone]','$_POST[imagelink]','$_POST[coverpicture]','$_POST[hobby]','$_POST[bio]')";

你的 SQL 中的错误是你任意结束你的 VALUES() 数组,然后传递更多参数,观察:

'$_POST[coverpicture]'),'$_POST[hobby]','$_POST[bio]'";

将其更改为:

'$_POST[coverpicture]','$_POST[hobby]','$_POST[bio]')";

此外,接受未加密的用户输入数据被认为是不安全的,应替换为准备好的语句。

最后,mysql_ 库已弃用。请考虑至少移动到 mysqli_PDO

) 放错地方了:

$sql="INSERT INTO `username` (`username`, `password`, `email`, `name`, `dob`, `sex`, `phone`, `imagelink`, `coverimage`, `hobby`, `Bio`) VALUES ('$_POST[Username]','$passwordmd5','$_POST[email]','$_POST[name]','$_POST[dob]','$_POST[sex]','$_POST[phone]','$_POST[imagelink]','$_POST[coverpicture]','$_POST[hobby]','$_POST[bio]')";