问题描述:

This question already has an answer here:

  • How can I prevent SQL injection in PHP?

    28 answers

网友答案:

This is most likely what you are looking for:

$query = "INSERT INTO bookings (date, start, userId)
VALUES ('" . $booking_date . "','" . $booking_time . "','" . $_SESSION['userIdSession'] . "');";

However always make sure you are protecting against SQL Injections, else you might end up with serious problems if someone manage to mess with your database through unprotected user input.

网友答案:

When using array variables in double-quoted strings, you must surround them with curly brackets:

$query = "INSERT INTO bookings (date, start, userId)
    VALUES ('$booking_date','$booking_time','{$_SESSION['userIdSession']}');";

Otherwise PHP will not correctly recognize the array access in the string.

Additionally, you must prevent SQL Injection as stated in the comments above.

相关阅读:
Top