1. 首页
  2. 问答
  3. 1064错误MySql中要求

1064错误MySql中要求

2012-07-18 32 views
-3

我有下面的PHP代码:1064错误MySql中要求

function get_all_labels_by_language_id($language_code, $page_index, $user_id) { 
    $language_id = $this->get_language_id($language_code); 
    $users_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
      coalesce(loc.language_value) 
      from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
      and eng.label_value = loc.label_value 
      and loc.user_id = '" . $user_id . "' 
      where eng.language = 45 
      order by loc.language_value"; 
    $data = $this->db->query($users_query)->result_array(); 
    $result = array(); 
    for ($i = 0; $i < count($data); $i++) { 
     $result[$i]['language_id'] = $language_id; 
     if (!$data[$i]['user_id']) { 
      $result[$i]['translate'] = $data[$i]; 
      $result[$i]['alternatives'] = NULL; 

      $other_records_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
       coalesce(loc.language_value) 
       from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
      and eng.label_value = loc.label_value 
      where eng.language = 45 and loc.label_value='" . $data[$i]['label_value'] . "' 
      order by loc.language_value"; 
      $other_records = $this->db->query($other_records_query)->result_array(); 
      for ($k = 0; $k < count($other_records); $k++) { 
       if ($other_records[$k]['approved'] == '1') { 
        $result[$i]['translate'] = $other_records[$k]; 
       } else { 
        $result[$i]['alternatives'][] = $other_records[$k]; 
       } 
      } 
     } else { 
      $result[$i]['translate'] = $data[$i]; 
      $result[$i]['alternatives'] = NULL; 
      if ($data[$i]['approved'] == '1') { 
       $other_records_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
       coalesce(loc.language_value) 
       from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
        and eng.label_value = loc.label_value 
        and loc.approved='1' 
      where eng.language = 45 and loc.label_value='" . $data[$i]['label_value'] . "' 
      and approved='0' order by loc.language_value"; 
       $other_records = $this->db->query($other_records_query)->result_array(); 
       for ($k = 0; $k < count($other_records); $k++) { 
        $result[$i]['alternatives'][] = $other_records[$k]; 
       } 
      } else { 
       $other_records_query = "select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value,  
       coalesce(loc.language_value) 
       from labels eng 
      left outer join  
       labels loc 
      on  loc.language = " . $language_id . " 
        and eng.label_value = loc.label_value 
        and loc.approved='1' 
      where eng.language = 45 and loc.label_value='" . $data[$i]['label_value'] . "' 
      order by loc.language_value"; 
       $other_records = $this->db->query($other_records_query)->result_array(); 
       for ($k = 0; $k < count($other_records); $k++) { 
        $result[$i]['alternatives'][] = $other_records[$k]; 
       } 
      } 
     } 
    }

此代码工作的权利,但现在我已经得到了以下错误:

错误编号:1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't set up correctly. If you're the store owner, please refer to' ' at line 8 

select eng.label_value, loc.votes, loc.user_id, loc.approved, eng.language_value, coalesce(loc.language_value) from labels eng left outer join labels loc on loc.language = 24 and eng.label_value = loc.label_value where eng.language = 45 and loc.label_value='It looks like the payment gateway isn't set up correctly. If you're the store owner, please refer to' order by loc.language_value 

Filename: Z:\home\localhost\www\system\database\DB_driver.php 

Line Number: 330

请告诉我,我该如何解决它?我不明白我错在哪里。先谢谢你。

来源

2012-07-18 user1517541

+0

嗯,[bobby tables](http://xkcd.com/327/) – Ben 2012-07-18 12:39:29

回答

0

你应该逃避'在字符串字面

'It looks like the payment gateway isn\'t set up correctly. If you\'re the store owner, please refer to'

mysql_real_escape_string是你的朋友。

来源

2012-07-18 12:26:58 triclosan

1

你没有转义字符串,你传递到列label_value。它包含破坏查询的字符。

UPDATE

这看起来像笨,所以你应该使用:

$this->db->escape();

这里的手工

http://codeigniter.com/user_guide/database/queries.html

来源

2012-07-18 12:27:01 Zagor23

+1

另外,查询绑定在用户指南的同一页上值得一提 – Ben 2012-07-18 12:42:32

0

您正在构建SQL与转义字符串 - 当下一个的字符串包含一个报价,你已经死了。而我的意思是:如果这是一个用户提供的值,那么你只是失去了对数据库的控制权(Google针对“SQL注入”)。

您必须转义所有字符串,这些字符串并不是已知的 - 使用哪种方法是您使用的数据库框架的问题:它将提供转义函数。

来源

2012-07-18 12:36:21

相关问题

 相关问题