MySQL错误:您的SQL语法有错误 [英] MySQL Error: You have an error in your SQL syntax
问题描述
我从mySQL收到此错误消息:
I get this error message from mySQL:
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'key,time)
VALUES ('FreeTest','86400')' at line 2
这是代码:
if ((isset($_POST['key'])) && (isset($_POST['days']))) {
$key = mysql_escape_string($_POST['key']);
$days = mysql_escape_string($_POST['days'] * 86400);
$add = "INSERT INTO licence
(key,time)
VALUES
('$key','$days')";
$addkey = mysql_query($add);
}
推荐答案
名为KEY
的列,这是列名称之一,可能是保留关键字,您需要转义带有反引号,因此不会出现语法错误,TIME
也是保留的keyowrd,但是mysql允许不带反引号地使用它.
The column named KEY
, which is one of the column names, happens to be a reserved keyword, you need to escape with backticks so you won't get syntax error, TIME
is also a reserved keyowrd but mysql permits it to be used without backticks.
INSERT INTO licence (`key`,time) VALUES ('$key','$days')
- MySQL保留关键字列表
- MySQL Reserved Keywords List
作为一个附带说明,如果值( s)是 SQL Injection
,则该查询容易受到攻击)的变量来自外部.请查看下面的文章,以了解如何防止这种情况的发生.通过使用PreparedStatements
,您可以避免在值周围使用单引号.
As a sidenote, the query is vulnerable with SQL Injection
if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements
you can get rid of using single quotes around values.
这篇关于MySQL错误:您的SQL语法有错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!