我能不知道這一點,由於某種原因,即時得到此錯誤消息:SQL語法錯誤 - 不知道爲什麼得到這個?
Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ptb_block_user.blocked=1' at line 5
,這是我的MySQL查詢,不知道是什麼問題,請有人可以幫助我嗎?
function blocked_users() {
global $connection;
global $_SESSION;
global $profile_id;
$query = "SELECT *
FROM ptb_block_user
WHERE ptb_block_user.blocked_id = \"$profile_id\"
AND ptb_block_user.user_id = ".$_SESSION['user_id']."
AND ptb_block_user.blocked='1' ";
$blocked_users = mysql_query($query, $connection);
confirm_query($blocked_users);
return $blocked_users;
}
您需要周圍的$ _SESSION VAR我覺得單引號,所以'AND ptb_block_user.user_id = ' 「$ _ SESSION [ 'USER_ID'。」'' – jdepypere 2013-04-07 15:36:03
您有SQL注入漏洞。 – SLaks 2013-04-07 15:36:20