SQL语法错误(服务器版本:5.6.17-MySQL) [英] SQL Syntax Error (Server version: 5.6.17 - MySQL)

查看:112
本文介绍了SQL语法错误(服务器版本:5.6.17-MySQL)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述


大家好,请告诉我这段代码中缺少什么.因为我收到了SQL语法错误.


Could you guys please tell me what is missing on this code. because i get SQL Syntax Error.

我创建了具有三个列的表. ID为自动识别,图像为Blob数据类型

i have created table with three colums. ID is auto incriminating and Image is Blob data type

我认为插入$ image时会发生问题

as i think problem occurs when inserting the $image

这是错误------- >>您的SQL语法有错误;请查看与您的MySQL服务器版本相对应的手册,以获取正确的语法,以在'#〜 附近使用.我在行1"

here is the error ------->> "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '�#~���I�٢7W�?Hl����:��o���:�ӏvm5V��Ό��'`V���' at line 1 " 

 <?php

if (isset($_POST["Upload"]))
 {
    include("DbConnection.php");

        $file  = $_FILES['image']['tmp_name'];


        if(!isset($file)) {
            echo 'Please Select a File';
        }
        else {
            $image     = file_get_contents($_FILES['image']['tmp_name']);
            $img_name  = $_FILES['image']['name'];
            $img_size  = getimagesize($_FILES['image']['tmp_name']);

            if ($img_size == false) 
                        {
                echo 'it is not a image'; 
                        }

        else 
        {
            $query  = mysqli_query($Con, "INSERT INTO `cars_tbl` (ID,Name,Image) VALUES ('','$img_name','$image')");
                if (!$query)
                {
                    echo 'Error Executing Query '.mysqli_error($Con);  
                    }
                    else 
                    {
                        $last_ID = mysqli_insert_id($Con);
                        echo "Image Uploaded. <p /> Your Image : <p /> <img src='get.php?ID=".$last_ID."'" ;
                        }


             }

                        } //else 
} // 1st IF

else
{
    echo 'Fill the details';
}
?>

推荐答案

问题是您显然将blob保存到数据库而没有进行转义.

The problem is you are saving apparently blob into the database without escaping it.

您必须意识到命令中会发生什么:图像数据-也可能包含'(因为它是二进制的)-使您的SQL命令无效.

You must realize what happens in your command: The image data - which can also contain ' because it is binary - invalidates your SQL command.

正确的保存方式:

1)

带有准备好的语句

2)

mysqli_query($Con, "INSERT INTO `cars_tbl` (ID, Name, Image)
   VALUES ('', '$img_name', '".mysqli_escape_string($image)."')");

我希望使用准备好的陈述.另一个问题是为什么将ID设置为空字符串.

I would prefer Prepared Statements. The other question is why you set ID to an empty string.

这篇关于SQL语法错误(服务器版本:5.6.17-MySQL)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆