Updated: 2023-01-22 12:27:52
Remove the single quotes around the function FROM_UNIXTIME, because they make it a value. e.g.
```php
// FROM_UNIXTIME() is now part of the SQL text instead of a quoted string literal.
// Note: $datestr is concatenated into the statement without any escaping, and
// mysql_real_escape_string() belongs to the old ext/mysql extension (removed in PHP 7).
$sql = "INSERT INTO `calendar` (`date`, `title`, `event`) VALUES (FROM_UNIXTIME(".$datestr."), '".mysql_real_escape_string($_POST['title'])."', '".mysql_real_escape_string($_POST['desc'])."')";
```
As a sidenote, your query is vulnerable to SQL injection; please see the article below to learn how to protect against it.
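The following is an added example, not code from the answer above: it shows how the unescaped `$datestr` lets an attacker rewrite the INSERT, and then the same statement written with a PDO prepared statement so that `FROM_UNIXTIME(?)` stays in the SQL text while every user-supplied value is bound. The table name and columns are the ones from the answer; the DSN, credentials and the `date` POST field are assumptions.

```php
<?php
// Added example (not from the original answer). Assumes a MySQL `calendar` table
// with columns `date` (DATETIME), `title` and `event`, and PDO connection details
// that you supply.

// Vulnerable construction: $datestr is concatenated unescaped. The escaping of
// title/desc does not help, because the breakout happens in the date argument.
function buildVulnerableSql(string $datestr, string $title, string $desc): string
{
    return "INSERT INTO `calendar` (`date`, `title`, `event`) VALUES (FROM_UNIXTIME("
        . $datestr . "), '" . addslashes($title) . "', '" . addslashes($desc) . "')";
}

// Constructed attacker input for the date field: closes the FROM_UNIXTIME() call,
// supplies its own title/event values, and comments out the rest of the statement.
$payload = "0), 'hijacked title', 'hijacked event') -- ";
echo buildVulnerableSql($payload, 'Meeting', 'Weekly sync'), "\n";
// Resulting SQL (structure changed by the input, legitimate title/event discarded):
// INSERT INTO `calendar` (`date`, `title`, `event`) VALUES (FROM_UNIXTIME(0), 'hijacked title', 'hijacked event') -- ), 'Meeting', 'Weekly sync')
// A subquery in place of a literal would likewise pull data from other tables into the row.

// Hardened form: a prepared statement with one placeholder per user value.
// FROM_UNIXTIME(?) keeps the function in the SQL text; only its integer argument
// is bound, so no input can alter the statement structure.
function insertEvent(PDO $pdo, int $timestamp, string $title, string $desc): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO `calendar` (`date`, `title`, `event`) VALUES (FROM_UNIXTIME(?), ?, ?)'
    );
    $stmt->bindValue(1, $timestamp, PDO::PARAM_INT);
    $stmt->bindValue(2, $title, PDO::PARAM_STR);
    $stmt->bindValue(3, $desc, PDO::PARAM_STR);
    $stmt->execute();
}

// Assumed connection parameters; ERRMODE_EXCEPTION surfaces failures, and
// disabling emulated prepares makes MySQL itself do the parameter binding.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

// Validate the timestamp before it reaches SQL: filter_input() returns null when
// the field is absent and false when it is not an integer.
$ts = filter_input(INPUT_POST, 'date', FILTER_VALIDATE_INT);
if ($ts === null || $ts === false) {
    http_response_code(400);
    exit('invalid date');
}

insertEvent($pdo, $ts, $_POST['title'] ?? '', $_POST['desc'] ?? '');
```

The validation step is separate from the prepared statement on purpose: binding as `PDO::PARAM_INT` stops injection, but rejecting non-numeric input first gives the caller a clear error instead of a silently coerced timestamp.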