1. 首頁
  2. 問答
  3. MySQL語法錯誤 - 數組查詢

MySQL語法錯誤 - 數組查詢

2011-10-09 103 views
1

我有一個從一些測試數據創建的預構造數組,因爲我還沒有建立一個表單。該陣列是這樣的:MySQL語法錯誤 - 數組查詢

$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => '[email protected]', 'developer_or_client' => 'developer', 'email' => '[email protected]'); 

foreach ($ud as $key => $value) { 
    $value = mysql_real_escape_string($value); 
}

從這個數組,然後我試圖通過一個MySQL查詢的數據插入到我的數據庫:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());

但是,它與下面的錯誤死亡:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com, username, password, london, mobile, developer, hello, [email protected])' at line 1

請問你能告訴我哪裏出錯了嗎?

來源

2011-10-09 max_

回答

1

您需要parenthases周圍的每個值引號

來源

2011-10-09 00:21:00 Jeff

0 
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());

試試吧:)

來源

2011-10-09 00:23:03 Dzoki

0

從列名的是varchar列的類型,所以你需要用引號來包裝你的價值觀的聲音:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());

此外,如果這些值來自用戶輸入,則應通過mysql_real_escape_string運行每個值以幫助防止SQL注入攻擊

來源

2011-10-09 00:23:30 Clive

+0

請檢查更新。 –

+0

你仍然需要引號,'mysql_real_escape_string'的sanitize s輸入,但不添加查詢所需的引號以使查詢有效 – Clive

+0

另外,如果您希望'mysql_real_escape_string'有任何效果,您需要通過引用訪問值:'foreach($ ud as $ key =>&$值){'... – Clive

1

兩件事情:

  1. As Jeff notes,你需要把周圍的字符串引號。
  2. 在引用它們之前,您需要將每個字符串傳遞給mysql_real_escape_sring()

來源

2011-10-09 00:24:16

+0

我正在運行mysql_real_escape_string之前 –

0

看到這個:

VALUES( 「$ UD [ '名']。」,

NEDD說:

VALUES('」。$ UD [ '名'] 「」,

而對於其他列太(如果不是數字小)

來源

2011-10-09 00:35:07 TROODON

相關問題

 相關問題