MySQL錯誤：「你在你的SQL語法錯誤」

Question

下面這段代碼給了我這個錯誤：

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' where id = '000'' at line 1" 

我不明白這裏的問題

<?php 
include(".conf.php"); 
$con = mysql_connect($conf['db_hostname'], $conf['db_username'], $conf['db_password']) or die (mysql_error()); 
$db = mysql_select_db("aTable", $con); 
$pr = $_GET['aThing']; 
$pr = addslashes(htmlentities($prof)); 
$info_array = mysql_query("SELECT * FROM '$db' where id = '$pr'", $con) or die(mysql_error()); 

while($row = mysql_fetch_array($info_array)) { 
    echo $row['aThing']; 
    echo "</br>"; 
    echo $row['aThing']; 
    echo "</br>"; 
    echo $row['aThing']; 
    echo "</br>"; 
    echo $row['aThing']; 
}; 
?> 

感謝您的幫助。

Answer 1

你應該把表名到FROM：SELECT * FROM aTable WHERE ....。還有，你別沒有逃避來自用戶的變量。 你會需要這樣的東西：
mysql_query("SELECT * FROM aTable where id = '".mysql_real_escape_string($pr)."'", $con) or die(mysql_error());

Answer 2

功能mysql_select_db返回或者TRUE或FALSE

相反，嘗試：

$info_array = mysql_query("SELECT * FROM aTable where id = '$pr'", $con) or die(mysql_error()); 

或許：

$dbtable = "aTable"; 
$info_array = mysql_query("SELECT * FROM $dbtable where id = '$pr'", $con) or die(mysql_error()); 

Answer 3

I am pretty sure it doesn't have any errors with the exception of the fatal error killing it.

我會說你會得到一個解決方案，如果你認爲MySQL時，它會告訴你有問題快。

重讀的錯誤信息：

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' where id = '000'' at line 1

我懷疑表名和周圍的ID引號。如果這是一個整數列，我希望看到一個沒有引號的數字。

Answer 4

如果我沒有記錯，mysql_select_db返回true或false。它不返回數據庫名稱。