在 mysql-php 中出现语法错误.您的 SQL 语法有错误； [英] Getting syntax error in mysql-php. You have an error in your SQL syntax;

问题描述

我正在使用表 user_like 来保存用户喜欢的点击次数.

I am using table user_like to save user like hits.

表结构如下.

id  user_id     song_id     like
--------------------------------
67    2           148         0

所有列数据类型都是 int(11).

$song_id=$_GET['song_id'];
$query="select * from atr_like WHERE song_id = '$song_id' and like = 0";
$rs = mysql_query($query) or
die(mysql_error());
echo mysql_num_rows($rs);

我收到以下错误.

您的 SQL 语法有错误；检查手册对应于您的 MySQL 服务器版本以使用正确的语法在第 1 行靠近 'like = 0'.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like = 0' at line 1.

我无法指出错误的根本原因是它看起来一切正常.

I am not able to point out root cause of error is it looks everthing is okay.

请帮忙.

提前致谢.

推荐答案

LIKE 是保留关键字.您可以使用反引号将其转义.

LIKE is a reserved keyword. You can escape it with backtick.

SELECT  * 
FROM    atr_like 
WHERE   song_id = '$song_id' and 
        `like` = 0

另一种方法是在表上提供别名，例如

Another way is to supply alias on the table, eg

SELECT  a.* 
FROM    atr_like a
WHERE   a.song_id = '$song_id' and 
        a.like = 0

• SQLFiddle 演示

其他来源

• MySQL 保留关键字列表

如果您有时间更改它，请不要使用保留关键字列表中的表名或列名.以后脖子会这么痛.

If you have time to alter it, don't use tablename or columnname which is on the reserved keyword list. it will give you such pain in the neck on the future.

作为旁注，查询容易受到SQL注入的影响，如果value(s) 来自外部.请查看下面的文章，了解如何预防.通过使用 PreparedStatements，您可以摆脱在值周围使用单引号.

As a sidenote, the query is vulnerable with SQL Injection if the value(s) came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

• 如何在 PHP 中防止 SQL 注入?

这篇关于在 mysql-php 中出现语法错误.您的 SQL 语法有错误；的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！