PHP SQL插入错误 [英] PHP SQL Insert Error
问题描述
插入数据库时出现错误。
代码:
dbquery(INSERT INTO site_news_comments(articleid,title,short,comment,timestamp,userid,main,type,topstory)VALUES($ article,'。clean($ commentss ['title']) ,'','。mysql_real_escape_string($ _ POST ['comment'])。'',current_timestamp,'。USER_ID。','0' '));
忽略dbquery,与mysql_query完全一样。
我收到的错误是:
您的SQL语法有错误;请检查与您的MySQL服务器版本对应的手册,以获得在''title','short','
不知道为什么会抛出此错误!
教一个人如何钓鱼。 >
如果查询失败,您应该做的第一件事是回显您要发送的查询:
$ sql =INSERT INTO site_news_comments(articleid,title,short,comment,timestamp,userid,main,type,topstory)VALUES($ article,'。 '])。','','。mysql_real_escape_string($ _ POST ['comment'])。'',current_timestamp,'。USER_ID。','0' ]。','');
echo $ sql;
通常很明显最终查询有什么问题;请特别注意查询中的动态内容,并通常围绕MySQL所抱怨的区域。
如果仍然看起来不错,那么你会寻找可能需要转义的词,例如保留字。
结论
查看mysql代码后,我必须得出结论:与 $ article ,它会导致您的查询中的问题。您应该也可以逃脱它,以防万一:
建议
您应该了解PDO / mysqli并使用准备的语句:
// PDO示例
$ stmt = $ db - > prepare('INSERT INTO site_news_comments(articleid,title,short,comment,timestamp,userid,main,type,topstory)VALUES(:article,:title,:short,:comment,CURRENT_TIMESTAMP,:user,:main, :type,:topstory)');
$ stmt-> execute(array(
':article'=> $ article,
':title'=> $ commentss ['title'],
':short'=>'',
':comment'=> $ _POST ['comment'],
':user'=> USER_ID,
':main' => 0,
':type'=> $ commentss ['type'],
':topstory'=>'',
)
I have an error when inserting into the database.
Code:
dbquery("INSERT INTO site_news_comments (articleid,title,short,comment,timestamp,userid,main,type,topstory) VALUES ($article,'".clean($commentss['title'])."','','".mysql_real_escape_string($_POST['comment'])."',current_timestamp,'".USER_ID."','0','".$commentss['type']."','')");
Ignore the dbquery, works exactly as mysql_query.
The error I am receiving is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''title','short','
No idea why this error is being thrown!
Teaching a man how to fish.
If a query fails, the first thing you should do is to echo the query you're about to send:
$sql = "INSERT INTO site_news_comments (articleid,title,short,comment,timestamp,userid,main,type,topstory) VALUES ($article,'".clean($commentss['title'])."','','".mysql_real_escape_string($_POST['comment'])."',current_timestamp,'".USER_ID."','0','".$commentss['type']."','')";
echo $sql;
It's usually pretty obvious what's wrong with the final query; pay particular attention to the dynamic stuff in your query and generally around the area where MySQL complains about.
If that still looks okay, then you look for words that might need escaping, such as the reserved words.
Conclusion
Having looked at the code mysql, I would have to conclude that the problem lies with $article and it causes problems in your query. You should probably escape it as well, just in case :)
Recommendation
You should learn about PDO / mysqli and using prepared statements:
// PDO example
$stmt = $db->prepare('INSERT INTO site_news_comments (articleid, title, short, comment, timestamp, userid, main, type, topstory) VALUES (:article, :title, :short, :comment, CURRENT_TIMESTAMP, :user, :main, :type, :topstory)');
$stmt->execute(array(
':article' => $article,
':title' => $commentss['title'],
':short' => '',
':comment' => $_POST['comment'],
':user' => USER_ID,
':main' => 0,
':type' => $commentss['type'],
':topstory' => '',
));
这篇关于PHP SQL插入错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
