1. 首页
  2. 问答
  3. PhP mysql插入语法错误

PhP mysql插入语法错误

2012-12-10 112 views
0

下面我得到一个语法错误,你的SQL语法有错误;请检查与您的MySQL服务器版本相对应的手册,以便在第1行的'call,county,id,location,callcreated,station,units,calltype,lat,lng)VAL'附近使用正确的语法,并且无法找出原因!任何帮助将不胜感激!PhP mysql插入语法错误

<?php 

mysql_connect("localhost", "test", "test") or die(mysql_error()); 
mysql_select_db("firecom") or die(mysql_error()); 

$data = file_get_contents("http://208.71.205.35/PITS/");//thanks WCCCA! 
$pattern = "/id=\"hidXMLID\" value=\"([^\"]+)\"/";//looking for the rnd xml id# 
preg_match_all($pattern, $data, $xmlext); 

$url = "http://208.71.205.35/PITS/xml/fire_data_" . $xmlext[1][0] . ".xml";//putting together the secret xml url 
$xml = simplexml_load_file($url); 

foreach ($xml->marker as $element) { 

$lat = $element->attributes()->lat; 
$lng = $element->attributes()->lng; 
$countydirty = $element->AGENCY;// gets agency 
$wcccanumberdirty = $element->CALL_NO; 
$iddirty = $element->TWO_DIGIT_CALL_NO;// gets call id# 
$calldirty = $element->CALL_TYPE_FINAL_D;// gets call type 
$locationdirty = $element->LOCATION;// gets location 
$callcreateddirty = $element->CALL_CREATED_DATE_TIME; 
$stationdirty = $element->BEAT_OR_STATION;// get first marker station 
$unitsdirty = $element->UNITS;// get first marker units 
$calltypedirty = $element->TYPE; 

//this next section removes the "~" from the start of all the lines 
$county = str_replace('~','',$countydirty); 
$wcccanumber = str_replace('~','',$wcccanumberdirty); 
$id = str_replace('~','',$iddirty); 
$call = str_replace('~','',$calldirty); 
$location = str_replace('~','',$locationdirty); 
$callcreated = str_replace('~','',$callcreateddirty); 
$station = str_replace('~','',$stationdirty); 
$units = str_replace('~','',$unitsdirty); 
$calltype = str_replace('~','',$calltypedirty); 

mysql_query("INSERT INTO calls (wcccanumber, call, county, id, location, callcreated, station, units, calltype, lat, lng) VALUES('$wcccanumber', '$call', '$county', '$id', '$location', '$callcreated', '$station', '$units', '$calltype', '$lat', '$lng')") or die(mysql_error()); 

echo "$call - $county - $wcccanumber - $id - $location - $callcreated - $station - $units - $calltype <br />"; 
} 

?>

来源

2012-12-10 Jon Erickson

+0

我假设你已经检查过以确保你的列名是正确的? – NappingRabbit

+0

问题在于保留字“call”。 –

回答

5

callreserved word,则必须在后面被包裹蜱:

INSERT INTO calls (wcccanumber, `call`, ...

来源

2012-12-10 20:21:38 Kermit

2

call是在MySQL中的保留字,所以如果你把它作为一个列名需要引用它反引号:

wcccanumber, `call`, county...

除此之外,你需要切换到PDO /库MySQLi,准备语句来修复你有潜在的SQL注入的问题。

来源

2012-12-10 20:21:46 jeroen

+0

谢谢,就是这样。你在说什么可能的sql注入? –

+0

@Jon Erickson如果你的一个字段包含例如一个'''字符,它会破坏你的sql语句,这可能会被滥用。如果不更改为PDO或mysqli,则至少应在变量中使用“mysql_real_escape_string”,然后再将它们添加到查询中。 – jeroen

+0

好的,谢谢。顺便说一下,XML文档无法被滥用。它来自政府机构,xml链接的URL不断变化并且是完全随机的。 –

1

callreserved word。你必须引用反引号:

mysql_query("INSERT INTO calls (wcccanumber, `call`, county, id, ...

P.S.对于数据库问题(特别是语法错误),您不需要包含所有DOM内容。如何获得查询的值几乎总是不相关的。

来源

2012-12-10 20:21:51

相关问题

 相关问题