2013-04-07 147 views
0

I can't figure this out; for some reason I'm getting this error message: SQL syntax error. Not sure why I'm getting it?

Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ptb_block_user.blocked=1' at line 5 

And this is my MySQL query. I don't know what the problem is, could someone please help me?

function blocked_users() {
    global $connection;
    global $_SESSION;
    global $profile_id;
    $query = "SELECT *
        FROM ptb_block_user
        WHERE ptb_block_user.blocked_id = \"$profile_id\"
        AND ptb_block_user.user_id = ".$_SESSION['user_id']."
        AND ptb_block_user.blocked='1' ";
    $blocked_users = mysql_query($query, $connection);
    confirm_query($blocked_users);
    return $blocked_users;
}
+0

You need single quotes around the $_SESSION var I think, so AND ptb_block_user.user_id = '".$_SESSION['user_id']."' – jdepypere 2013-04-07 15:36:03

+0

You have an SQL injection vulnerability. – SLaks 2013-04-07 15:36:20

Answers

0

You can always do a print $query to see what the SQL query actually looks like. It makes spotting the error much easier.

0
function blocked_users() {
    global $connection;
    global $_SESSION;
    global $profile_id;
    // Escape AND quote each value: escaping alone still leaves the value
    // unquoted, and an empty value would reproduce the syntax error above
    $blocked_id = mysql_real_escape_string($profile_id, $connection);
    $user_id = mysql_real_escape_string($_SESSION['user_id'], $connection);
    $query = "SELECT *
        FROM ptb_block_user
        WHERE ptb_block_user.blocked_id = '$blocked_id'
        AND ptb_block_user.user_id = '$user_id'
        AND ptb_block_user.blocked = 1;";
    $blocked_users = mysql_query($query, $connection);
    confirm_query($blocked_users);
    return $blocked_users;
}

Use the mysqli library instead of mysql: http://www.php.net/manual/en/book.mysqli.php

0
SELECT *
    FROM ptb_block_user b
    WHERE b.blocked_id = '$profile_id'
    AND b.user_id = '{$_SESSION['user_id']}'
    AND b.blocked = 1

0

If you are using plain PHP without a framework, you should always use prepared statements for talking to MySQL. It is safer and protects you from MySQL injection.

Try this.

$db = new mysqli("your_ip_or_host", "username", "password", "name_of_database");
$st = $db->prepare("SELECT *
        FROM ptb_block_user
        WHERE ptb_block_user.blocked_id = ?
        AND ptb_block_user.user_id = ?
        AND ptb_block_user.blocked = ?");

// bind_param() takes its arguments by reference, so they must be
// variables, not intval() results or the literal 1
$blocked_id = intval($profile_id);
$user_id    = intval($_SESSION['user_id']);
$blocked    = 1;
$st->bind_param('iii', $blocked_id, $user_id, $blocked);

$st->execute();

// get_result() needs the mysqlnd driver; with libmysql use store_result()
// and bind_result() with one variable per selected column instead
$result = $st->get_result();
while ($row = $result->fetch_assoc()) {
    // print each column as name=value
    foreach ($row as $name => $value) {
        echo "$name=$value ";
    }
    echo "\n";
}

$st->close();
$db->close();
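As an added example (not code from the question or any of the answers), here is the question's string-built query beside a prepared-statement version, run against an in-memory SQLite table through PDO so it works offline; the table schema and sample rows are assumed, and the page's own code targets MySQL via mysqli, where the string-building versus binding behaviour is the same.

```php
<?php
// Added example, not from the question or any answer. PDO + in-memory
// SQLite (assumed schema) so it runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ptb_block_user (user_id INTEGER, blocked_id INTEGER, blocked INTEGER)');
$db->exec('INSERT INTO ptb_block_user VALUES (7, 42, 1), (8, 42, 1), (7, 99, 0)');

// The question's pattern: the session value is pasted into the SQL unquoted.
function blocked_users_interpolated(PDO $db, $profile_id, $user_id) {
    $sql = "SELECT * FROM ptb_block_user
            WHERE blocked_id = '$profile_id'
            AND user_id = $user_id
            AND blocked = 1";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The fix: placeholders, an integer-validated session id, typed binding.
function blocked_users_prepared(PDO $db, $profile_id, $user_id) {
    $uid = filter_var($user_id, FILTER_VALIDATE_INT);
    if ($uid === false) {
        // Missing or tampered session: refuse instead of building
        // "user_id =  AND ..." and hitting the question's syntax error.
        throw new InvalidArgumentException('user_id must be an integer');
    }
    $st = $db->prepare('SELECT * FROM ptb_block_user
                        WHERE blocked_id = ? AND user_id = ? AND blocked = 1');
    $st->bindValue(1, (int)$profile_id, PDO::PARAM_INT);
    $st->bindValue(2, $uid, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an empty session id (the question's situation), a
// normal id, and an id carrying SQL text. Interpolation parses the third
// as part of the WHERE clause; the prepared version rejects it as data.
foreach ([['42', ''], ['42', '7'], ['42', '7 OR user_id = 8']] as [$pid, $uid]) {
    try {
        $n = count(blocked_users_interpolated($db, $pid, $uid));
        echo "interpolated user_id=[$uid]: $n row(s)\n";
    } catch (PDOException $e) {
        echo "interpolated user_id=[$uid]: " . $e->getMessage() . "\n";
    }
    try {
        $n = count(blocked_users_prepared($db, $pid, $uid));
        echo "prepared     user_id=[$uid]: $n row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "prepared     user_id=[$uid]: rejected (" . $e->getMessage() . ")\n";
    }
}
```

Requires the pdo_sqlite extension; the same two functions work unchanged against MySQL by swapping the DSN.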