Unknown Column in 'field list'


Problem description

The following code is responsible for the MySQL error Error In Insert-->Unknown column 'expert manager' in 'field list'. If I remove the code below it will solve the MySQL error. Do you know what's wrong with this piece of code?

$l=0;
$source = 'expertmanager';
mysql_query("DELETE FROM `student_questions` WHERE user_id=".$userId."");

for($i=0; $i < $count; $i++) 
{   
mysql_query("INSERT INTO `student_questions` (`user_id`, `checked_id`, `category_id`, course_id, `question`, `exe_order`, `time`,course_code, year, school, status, close, source) VALUES ('".$userId."', '".$_POST['checkbox'][$i]."', ".$this->cat.", ".$course_id.",'".$_SESSION['question']."','".(++$l)."', '".$time."', '".$course_code."', '".$year."', '".$school."', 1, ".$close.", ".$source.")") or die("Error In Insert-->".mysql_error()); 
}

Thanks!

Recommended answer

What's wrong with this piece of code:

Don't use variable names that are shorter than 3-5 chars. Every variable name should describe the value(s) you want to store inside.

//bad
$l=0;
//good
$executionOrder = 0;

Concatenation of queries

Don't concatenate queries, it's a bad practice that leads to errors, insecure applications, etc. Don't use the mysql API either, it's outdated, insecure and will be deprecated. Use PDO and prepared statements instead.

//bad
mysql_query("DELETE FROM `student_questions` WHERE user_id=".$userId."");

//good
$statement = $db->prepare("DELETE FROM `student_questions` WHERE user_id = ?");
$statement->execute(array($userId));

Usage of die()

I see it all the time, and I see people telling other people to do that all the time. It's plain simply bad practice and it's time that people start to understand this. You cannot catch the error in any way. You cannot log the error. You cannot control whether it should be output to the screen or not. It's okay to do that in a development environment, but certainly not in a production environment.

NEVER, NEVER include user data (session, get, post, cookie, etc.) unfiltered/unescaped into your queries.

//really bad
$query = "SELECT something FROM table WHERE " . $_POST['someValue'];

//better
$query = "SELECT something FROM table WHERE " . mysql_real_escape_string($_POST['someValue']);

//even better: use prepared statements as shown above

And finally, the smallest mistake, and the one that caused your error:

//bad
$query = "INSERT INTO `student_questions` (source) VALUES (expertmanager)"; //that's what you have

//better
$query = "INSERT INTO `student_questions` (source) VALUES ('expertmanager')";
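
The answer's advice applied to the question's DELETE and INSERT loop, as an added example that is not part of the original post: values are bound through prepared statements, errors are thrown and logged instead of calling die(), and a transaction (an addition here) keeps the delete and inserts together. The in-memory SQLite database, the replaceQuestions() function and the sample values are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not the original poster's code. Assumption: an in-memory
// SQLite database stands in for MySQL so the script runs offline; with MySQL
// only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw instead of die()
$db->exec('CREATE TABLE student_questions (
    user_id INTEGER, checked_id TEXT, category_id INTEGER, course_id INTEGER,
    question TEXT, exe_order INTEGER, time TEXT, course_code TEXT, year TEXT,
    school TEXT, status INTEGER, close INTEGER, source TEXT)');

// Constructed sample input standing in for $_POST['checkbox'], $_SESSION, etc.
$userId = 7;
$checkedIds = ['11', '12', "13' OR '1'='1"]; // last value contains quotes on purpose
$row = ['category_id' => 3, 'course_id' => 42, 'question' => "What's a JOIN?",
        'time' => '2013-01-01 10:00:00', 'course_code' => 'CS101',
        'year' => '2013', 'school' => 'Example', 'close' => 0];
$source = 'expertmanager'; // bound as a value, so it is never parsed as a column name

function replaceQuestions(PDO $db, int $userId, array $checkedIds, array $row, string $source): int
{
    $delete = $db->prepare('DELETE FROM student_questions WHERE user_id = ?');
    $insert = $db->prepare(
        'INSERT INTO student_questions (user_id, checked_id, category_id, course_id,
            question, exe_order, time, course_code, year, school, status, close, source)
         VALUES (:user_id, :checked_id, :category_id, :course_id, :question,
            :exe_order, :time, :course_code, :year, :school, 1, :close, :source)');
    $db->beginTransaction(); // delete + inserts succeed or fail together
    try {
        $delete->execute([$userId]);
        $executionOrder = 0;
        foreach ($checkedIds as $checkedId) {
            $insert->execute($row + [
                'user_id' => $userId, 'checked_id' => $checkedId,
                'exe_order' => ++$executionOrder, 'source' => $source]);
        }
        $db->commit();
        return $executionOrder;
    } catch (PDOException $e) {
        $db->rollBack();
        error_log('student_questions insert failed: ' . $e->getMessage()); // log, don't echo
        throw $e; // the caller decides what the user sees
    }
}

echo replaceQuestions($db, $userId, $checkedIds, $row, $source), " rows inserted\n";
echo $db->query("SELECT COUNT(*) FROM student_questions WHERE source = 'expertmanager'")
        ->fetchColumn(), " rows with source expertmanager\n";
```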
