0
注意:我知道MySQL并不理想,但它已经完成了。烦人的查询错误
注意:我知道已提交拼写错误。
QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, cost, price, count, commited, ordered, cat, subcat, notes, rev_identifier,' at line 1
Query was INSERT INTO stock (name, desc, cost, price, count, commited, ordered, cat, subcat, notes, rev_identifier, sources, totalused, amountfailed) VALUES ('name', 'desc', '1', '1', '1', '0', '0', 'Apple', 'DEV', 'none', '1', 'none', '0', '0')
查询写的是:
$db->query("INSERT INTO stock (name, desc, cost, price, count, commited, ordered, cat, subcat, notes, rev_identifier, sources, totalused, amountfailed) VALUES
('$name', '$desc', '$cost', '$price', '$count', '$commited', '$ordered', '$cat', '$subcat', '$notes', '$rev_identifier', '$sources', '$totalused', '$amountfailed')");
的$的是...
$name = mysql_real_escape_string(strip_tags($_POST['name']));
$desc = mysql_real_escape_string(strip_tags($_POST['desc']));
$cost = mysql_real_escape_string(strip_tags($_POST['cost']));
$price = mysql_real_escape_string(strip_tags($_POST['price']));
$count = mysql_real_escape_string(strip_tags($_POST['count']));
$commited = 0;
$ordered = 0;
$cat = mysql_real_escape_string(strip_tags($_POST['cat']));
$subcat = mysql_real_escape_string(strip_tags($_POST['subcat']));
$notes = mysql_real_escape_string(strip_tags($_POST['notes']));
$rev_identifier = mysql_real_escape_string(strip_tags($_POST['rev_identifier']));
$sources = mysql_real_escape_string(strip_tags($_POST['sources']));
$totalused = 0;
$amountfailed = 0;
“递减”是一个保留字。用'反向引号'引用它。 – LSerni
mysql没死。 PHP ** ARE **的'mysql _ *()'函数已被弃用。但是mysql服务器仍然健康而且活着。 –
你为什么叫'strip_tags'?你真的担心你会发布HTML标签吗?或者你只是使用你在某处看到的一些代码,并认为这是一个好主意?要清楚:你不应该需要'strip_tags'。 –