ICode9

精准搜索请尝试: 精确搜索
首页 > 数据库> 文章详细

PHP SQL插入错误

2019-10-13 23:30:21  阅读:271  来源: 互联网

标签:php sql database



插入数据库时​​出现错误.

码:

dbquery("INSERT INTO site_news_comments (articleid,title,short,comment,timestamp,userid,main,type,topstory) VALUES ($article,'".clean($commentss['title'])."','','".mysql_real_escape_string($_POST['comment'])."',current_timestamp,'".USER_ID."','0','".$commentss['type']."','')");

忽略dbquery,与mysql_query完全一样.

我收到的错误是:

 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''title','short','

不知道为什么会引发此错误!

解决方法:

教一个人如何钓鱼.

如果查询失败,那么您应该做的第一件事就是回显您要发送的查询:

$sql = "INSERT INTO site_news_comments (articleid,title,short,comment,timestamp,userid,main,type,topstory) VALUES ($article,'".clean($commentss['title'])."','','".mysql_real_escape_string($_POST['comment'])."',current_timestamp,'".USER_ID."','0','".$commentss['type']."','')";

echo $sql;

通常很明显,最终查询出了什么问题.要特别注意查询中的动态内容,通常要注意MySQL抱怨的地方.

如果看起来还可以,那么您会寻找可能需要转义的单词,例如reserved words.

结论

看完代码mysql之后,我不得不得出结论,问题出在$article上,它在查询中引起问题.为了以防万一,您可能也应该转义它:)

建议

您应该了解PDO / mysqli并使用准备好的语句:

// PDO example
$stmt = $db->prepare('INSERT INTO site_news_comments (articleid, title, short, comment, timestamp, userid, main, type, topstory) VALUES (:article, :title, :short, :comment, CURRENT_TIMESTAMP, :user, :main, :type, :topstory)');
$stmt->execute(array(
    ':article' => $article,
    ':title' => $commentss['title'],
    ':short' => '',
    ':comment' => $_POST['comment'],
    ':user' => USER_ID,
    ':main' => 0,
    ':type' => $commentss['type'],
    ':topstory' => '',
));


标签:php,sql,database

专注分享技术,共同学习,共同进步。侵权联系[admin#icode9.com]

Copyright (C)ICode9.com, All Rights Reserved.

ICode9版权所有