<?php
$base1=$_REQUEST['base1'];
$base2=$_REQUEST['base2'];
$prcname=$_REQUEST['prcname'];
$price=$_REQUEST['price'];
$prcXH=$_REQUEST['prcXH'];
$other1=$_REQUEST['other1'];
$other2=$_REQUEST['other2'];
$sql1="insert into [base_table](base1,base2) values('{$base1}','{$base2}')";
$sql2="insert into [prc_table](prcname,price,prcXH) values('{$prcname}','{$price}','{$prcXH}')";
$sql3="insert into [other_table](other1,other2) values('{$other1}','{$other2}')";
query($sql1);
query($sql2);
query($sql3);
echo "写入完成";
?>
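Correcting teacher: 西门大官人
Correction time: 2019-04-09 09:43:41
Teacher's summary: Where is the query function defined? Also, the data passed in from the front end is put straight into the SQL without any processing, which is very dangerous.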
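One way to address both points in the teacher's summary, as an added example that is not the student's or the teacher's code: the three inserts are done through PDO prepared statements inside one transaction, so request values are bound as data and never become part of the SQL text. The function name `insertAll`, the in-memory SQLite database, the table schemas and the sample input are assumptions made for illustration; the table and column names are the ones from the submission.

```php
<?php
// Added example: hardened variant of the three inserts from the submission.
// Assumptions: PDO with an in-memory SQLite database; schemas are constructed here.

function insertAll(PDO $pdo, array $in): void
{
    // Require every expected field and reject array input such as base1[]=x.
    $fields = ['base1', 'base2', 'prcname', 'price', 'prcXH', 'other1', 'other2'];
    foreach ($fields as $f) {
        if (!isset($in[$f]) || !is_string($in[$f])) {
            throw new InvalidArgumentException("missing or invalid field: $f");
        }
    }
    if (!is_numeric($in['price'])) {
        throw new InvalidArgumentException('price must be numeric');
    }

    // Placeholders keep user data out of the SQL text; the transaction makes
    // the three rows land together or not at all.
    $pdo->beginTransaction();
    try {
        $pdo->prepare('INSERT INTO base_table (base1, base2) VALUES (?, ?)')
            ->execute([$in['base1'], $in['base2']]);
        $pdo->prepare('INSERT INTO prc_table (prcname, price, prcXH) VALUES (?, ?, ?)')
            ->execute([$in['prcname'], $in['price'], $in['prcXH']]);
        $pdo->prepare('INSERT INTO other_table (other1, other2) VALUES (?, ?)')
            ->execute([$in['other1'], $in['other2']]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE base_table (base1 TEXT, base2 TEXT)');
$pdo->exec('CREATE TABLE prc_table (prcname TEXT, price NUMERIC, prcXH TEXT)');
$pdo->exec('CREATE TABLE other_table (other1 TEXT, other2 TEXT)');

// Constructed sample input standing in for $_REQUEST; base2 contains a quote,
// which would break the string-built SQL but is stored verbatim here.
$sample = ['base1' => 'a', 'base2' => "O'Brien", 'prcname' => 'widget',
           'price' => '9.50', 'prcXH' => 'X-1', 'other1' => 'n1', 'other2' => 'n2'];
insertAll($pdo, $sample);
echo $pdo->query('SELECT base2 FROM base_table')->fetchColumn(), "\n";
```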