关于数据库连接代码的问题

大虾请帮帮看看这段代码哪里写错了，浏览器显示
插入数据失败：You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-mail,Title,Content,Posttime,Ip,HideIp) values('cedric','e10adc3949ba59abbe56e05' at line 1代码是：
$username=$_POST['username'];
$password=$_POST['password'];
$email=$_POST['email'];
$gender=$_POST['select'];
$title=$_POST['title'];
$content=$_POST['content'];
$hideip=$_POST['checkbox'];
$ip=getenv (REMOTE_ADDR);
$now=date("Y-m-d H:i:s");
$password=md5($password);
$strsql="insert into guestbook (Username,Password,Gender,E-mail,Title,Content,Posttime,Ip,HideIp) values('$username','$password','$gender','$email','$title','$content','$now','$ip','$hideip')";
mysql_query($strsql,$conn)or die("插入数据失败：".mysql_error());
谢谢了，高分报酬

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

$strsql="insert into guestbook (Username,Password,Gender,E-mail,Title,Content,Posttime,Ip,HideIp) values('".$username."','".$password."','".$gender."','".$email."','".$title."','".$content."','".$now."','".$ip."','".$hideip."')";
`E-mail` 等关键字加上``两个字符queryphp ORM 类
使用ORM类
可能以直接
赋值了
$guestbook->title;
$guestbook->e-mail;
$guestbook->save()http://code.google.com/p/queryphp/downloads/list
$username=$_POST['username'];
$password=$_POST['password'];
$email=$_POST['email'];
$gender=$_POST['select'];
$title=$_POST['title'];
$content=$_POST['content'];
$hideip=$_POST['checkbox'];
$ip=getenv (REMOTE_ADDR);
$now=date("Y-m-d H:i:s");
$password=md5($password);
$strsql="insert into guestbook (Username,Password,Gender,`E-mail`,Title,Content,Posttime,Ip,HideIp)
values('$username','$password','$gender','$email','$title','$content','$now','$ip','$hideip')";
mysql_query($strsql,$conn)or die("插入数据失败：".mysql_error());
有可能是这个E-mail 字段的不规则所引发的问题。
1:输入数据,没有过滤,sql注入 xxs攻击
2:可以使用mysql insert into set 语句,这个好处就是.字段的值的匹配是不会容易错的..
insert into table set table_filed1='test';