WARNING: String interpolation of user-supplied data is extremely dangerous and is likely to lead to SQL injection vulnerabilities. In most cases pg_query_params() should be preferred, passing user-supplied values as parameters rather than substituting them into the query string.
Any user-supplied data substituted directly into a query string should be properly escaped.
<form id="data" name="envoyer" action="action.php" method="post">
<input name="id" type="hidden" value="">
<table align="center" width="300" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td colspan="2"><p align="center">Date et heure :<br><input type="datetime-local" name="date" value="" class="date"></p><p> </p></td>
</tr>
<tr>
<td>Taux de glycémie avant :</td>
<td align="center"><input type="number" name="avant"></td>
</tr>
<tr>
<td>Trulicitie :</td>
<td align="center"><input type="checkbox" name="trulicitie" ></td>
</tr>
<tr>
<td>Nombre d'unité de rapide : </td>
<td align="center"><input type="number" name="rapide" ></td>
</tr>
<tr>
<td>Nombre d'unité de lente :</td>
<td align="center"><input type="number" name="lente" ></td>
</tr>
<tr>
<td>Taux de glycémie après :</td>
<td align="center"><input type="number" name="apres" ></td>
</tr>
<tr><td colspan="2"> <input type="hidden" id="type" name="type"></td></tr>
</tbody>
</table>
</form>
I have a PHP page that receives the information and normally saves it in my database:
if (isset($_POST["date"])) {
$id = $_POST["id"];
$date = $_POST["date"];
$avant = $_POST["avant"];
$trulicitie = $_POST["trulicitie"];
$lente = $_POST["lente"];
$rapide = $_POST["rapide"];
$apres = $_POST["apres"];
$type = $_POST["type"];
}
$sql_insert = "INSERT INTO glycemie (id, date, avant, trulicity, lente, rapide, apres) VALUES (DEFAULT,'$date',$avant,'$trulicitie',$lente,$rapide,$apres);";
$result = pg_query($sql_insert);
But no matter what I do to find the error, it gives me:
Warning: pg_query() [function.pg-query]: Query failed: ERROR: syntax error at or near "," LINE 1: ... rapide, apres) VALUES (DEFAULT,'2020-05-23 12:49',,'1',,,); ^ in /mnt/100/sdb/c/6/jb.martinez/glycemie/admin/action.php on line 62
What is happening???
I don't understand.
Can you help me?
Thanks.
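The error message shows where the query breaks: the empty number fields arrive as "" and are interpolated as nothing, which produces the ",," in the VALUES list. The warning at the top of the page points at the remedy: pass the values to pg_query_params() instead of building the string. Below is an added example of that approach; it is not the poster's code. It assumes a table glycemie(id serial, date timestamp, avant integer, trulicity boolean, lente integer, rapide integer, apres integer) and uses placeholder connection settings.

```php
<?php
// Added example (not the original poster's code): the same INSERT done with
// pg_query_params(), so user input never becomes part of the SQL text.
// Assumed schema: glycemie(id serial, date timestamp, avant integer,
// trulicity boolean, lente integer, rapide integer, apres integer).

declare(strict_types=1);

// Turn an optional <input type="number"> field into an int or NULL.
// An empty field is submitted as "", which interpolated into SQL yields
// the ",," seen in the error; the column actually wants NULL.
function intOrNull(array $post, string $key): ?int
{
    if (!isset($post[$key]) || $post[$key] === '') {
        return null;
    }
    $value = filter_var($post[$key], FILTER_VALIDATE_INT);
    if ($value === false) {
        throw new InvalidArgumentException("Field '$key' is not an integer");
    }
    return $value;
}

// A checkbox is entirely absent from $_POST when it is not ticked, so
// reading $_POST["trulicitie"] directly raises an undefined-index notice.
// pg_query_params() stringifies its parameters, and PHP false becomes "",
// which PostgreSQL rejects as a boolean; use the literals 't' / 'f'.
function checkboxToPgBool(array $post, string $key): string
{
    return isset($post[$key]) ? 't' : 'f';
}

// Build the parameter list in the order of the $1..$6 placeholders.
// A PHP null is sent as SQL NULL; every other value is quoted by the driver.
function buildParams(array $post): array
{
    if (!isset($post['date']) || $post['date'] === '') {
        throw new InvalidArgumentException('date is required');
    }
    return [
        $post['date'],
        intOrNull($post, 'avant'),
        checkboxToPgBool($post, 'trulicitie'),
        intOrNull($post, 'lente'),
        intOrNull($post, 'rapide'),
        intOrNull($post, 'apres'),
    ];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Placeholder connection string: replace DB_HOST etc. with real values.
    $conn = pg_connect('host=DB_HOST dbname=DB_NAME user=DB_USER password=DB_PASSWORD');
    if ($conn === false) {
        http_response_code(500);
        exit('Database connection failed');
    }

    // The query text is a constant; only the numbered placeholders vary.
    $sql = 'INSERT INTO glycemie (id, date, avant, trulicity, lente, rapide, apres)
            VALUES (DEFAULT, $1, $2, $3, $4, $5, $6)';

    try {
        $result = pg_query_params($conn, $sql, buildParams($_POST));
    } catch (InvalidArgumentException $e) {
        http_response_code(400);       // bad input is the client's error, not a 500
        exit('Invalid form data: ' . $e->getMessage());
    }

    if ($result === false) {
        // Log the driver error server-side; do not echo it to the browser.
        error_log(pg_last_error($conn));
        http_response_code(500);
        exit('Insert failed');
    }
}
```

With parameters, an empty or malicious field can no longer change the shape of the statement: a missing number becomes NULL, a bad number is rejected before the query runs, and the database only ever sees the fixed INSERT text.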