1. 首頁
  2. 問答
  3. 1064錯誤MySql中要求

1064錯誤MySql中要求

2012-07-18 89 views
-3

我有下面的PHP代碼:1064錯誤MySql中要求

function get_all_labels_by_language_id($language_code, $page_index, $user_id) { 
    $language_id = $this->get_language_id($language_code); 
    $users_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
      coalesce(loc.language_value) 
      from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
      and eng.label_value = loc.label_value 
      and loc.user_id = '" . $user_id . "' 
      where eng.language = 45 
      order by loc.language_value"; 
    $data = $this->db->query($users_query)->result_array(); 
    $result = array(); 
    for ($i = 0; $i < count($data); $i++) { 
     $result[$i]['language_id'] = $language_id; 
     if (!$data[$i]['user_id']) { 
      $result[$i]['translate'] = $data[$i]; 
      $result[$i]['alternatives'] = NULL; 

      $other_records_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
       coalesce(loc.language_value) 
       from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
      and eng.label_value = loc.label_value 
      where eng.language = 45 and loc.label_value='" . $data[$i]['label_value'] . "' 
      order by loc.language_value"; 
      $other_records = $this->db->query($other_records_query)->result_array(); 
      for ($k = 0; $k < count($other_records); $k++) { 
       if ($other_records[$k]['approved'] == '1') { 
        $result[$i]['translate'] = $other_records[$k]; 
       } else { 
        $result[$i]['alternatives'][] = $other_records[$k]; 
       } 
      } 
     } else { 
      $result[$i]['translate'] = $data[$i]; 
      $result[$i]['alternatives'] = NULL; 
      if ($data[$i]['approved'] == '1') { 
       $other_records_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
       coalesce(loc.language_value) 
       from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
        and eng.label_value = loc.label_value 
        and loc.approved='1' 
      where eng.language = 45 and loc.label_value='" . $data[$i]['label_value'] . "' 
      and approved='0' order by loc.language_value"; 
       $other_records = $this->db->query($other_records_query)->result_array(); 
       for ($k = 0; $k < count($other_records); $k++) { 
        $result[$i]['alternatives'][] = $other_records[$k]; 
       } 
      } else { 
       $other_records_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
       coalesce(loc.language_value) 
       from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
        and eng.label_value = loc.label_value 
        and loc.approved='1' 
      where eng.language = 45 and loc.label_value='" . $data[$i]['label_value'] . "' 
      order by loc.language_value"; 
       $other_records = $this->db->query($other_records_query)->result_array(); 
       for ($k = 0; $k < count($other_records); $k++) { 
        $result[$i]['alternatives'][] = $other_records[$k]; 
       } 
      } 
     } 
    }

此代碼工作的權利,但現在我已經得到了以下錯誤:

錯誤編號:1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't set up correctly. If you're the store owner, please refer to' ' at line 8 

select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value, coalesce(loc.language_value) from labels eng left outer join labels loc on loc.language = 24 and eng.label_value = loc.label_value where eng.language = 45 and loc.label_value='It looks like the payment gateway isn't set up correctly. If you're the store owner, please refer to' order by loc.language_value 

Filename: Z:\home\localhost\www\system\database\DB_driver.php 

Line Number: 330

請告訴我,我該如何解決它?我不明白我錯在哪裏。先謝謝你。

來源

2012-07-18 user1517541

+0

嗯,[bobby tables](http://xkcd.com/327/) – Ben 2012-07-18 12:39:29

回答

0

你應該逃避'在字符串字面

'It looks like the payment gateway isn\'t set up correctly. If you\'re the store owner, please refer to'

mysql_real_escape_string是你的朋友。

來源

2012-07-18 12:26:58 triclosan

1

你沒有轉義字符串,你傳遞到列label_value。它包含破壞查詢的字符。

UPDATE

這看起來像笨,所以你應該使用:

$this->db->escape();

這裏的手工

http://codeigniter.com/user_guide/database/queries.html

來源

2012-07-18 12:27:01 Zagor23

+1

另外,查詢綁定在用戶指南的同一頁上值得一提 – Ben 2012-07-18 12:42:32

0

您正在構建SQL與轉義字符串 - 當下一個的字符串包含一個報價,你已經死了。而我的意思是:如果這是一個用戶提供的值,那麼你只是失去了對數據庫的控制權(Google針對「SQL注入」)。

您必須轉義所有字符串,這些字符串並不是已知的 - 使用哪種方法是您使用的數據庫框架的問題:它將提供轉義函數。

來源

2012-07-18 12:36:21

相關問題

 相關問題