我有一個從一些測試數據創建的預構造數組,因爲我還沒有建立一個表單。該陣列是這樣的:MySQL語法錯誤 - 數組查詢
$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => '[email protected]', 'developer_or_client' => 'developer', 'email' => '[email protected]');
foreach ($ud as $key => $value) {
$value = mysql_real_escape_string($value);
}
從這個數組,然後我試圖通過一個MySQL查詢的數據插入到我的數據庫:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
但是,它與下面的錯誤死亡:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com, username, password, london, mobile, developer, hello, [email protected])' at line 1
請問你能告訴我哪裏出錯了嗎?
請檢查更新。 –
你仍然需要引號,'mysql_real_escape_string'的sanitize s輸入,但不添加查詢所需的引號以使查詢有效 – Clive
另外,如果您希望'mysql_real_escape_string'有任何效果,您需要通過引用訪問值:'foreach($ ud as $ key =>&$值){'... – Clive