1. 首页
  2. 问答
  3. MySQL语法错误 - 数组查询

MySQL语法错误 - 数组查询

2011-10-09 41 views
1

我有一个从一些测试数据创建的预构造数组,因为我还没有建立一个表单。该阵列是这样的:MySQL语法错误 - 数组查询

$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => '[email protected]', 'developer_or_client' => 'developer', 'email' => '[email protected]'); 

foreach ($ud as $key => $value) { 
    $value = mysql_real_escape_string($value); 
}

从这个数组,然后我试图通过一个MySQL查询的数据插入到我的数据库:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());

但是,它与下面的错误死亡:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com, username, password, london, mobile, developer, hello, [email protected])' at line 1

请问你能告诉我哪里出错了吗?

来源

2011-10-09 max_

回答

1

您需要parenthases周围的每个值引号

来源

2011-10-09 00:21:00 Jeff

0 
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());

试试吧:)

来源

2011-10-09 00:23:03 Dzoki

0

从列名的是varchar列的类型,所以你需要用引号来包装你的价值观的声音:

$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());

此外,如果这些值来自用户输入,则应通过mysql_real_escape_string运行每个值以帮助防止SQL注入攻击

来源

2011-10-09 00:23:30 Clive

+0

请检查更新。 –

+0

你仍然需要引号,'mysql_real_escape_string'的sanitize s输入,但不添加查询所需的引号以使查询有效 – Clive

+0

另外,如果您希望'mysql_real_escape_string'有任何效果,您需要通过引用访问值:'foreach($ ud as $ key =>&$值){'... – Clive

1

两件事情:

  1. As Jeff notes,你需要把周围的字符串引号。
  2. 在引用它们之前,您需要将每个字符串传递给mysql_real_escape_sring()

来源

2011-10-09 00:24:16

+0

我正在运行mysql_real_escape_string之前 –

0

看到这个:

VALUES( “$ UD [ '名']。”,

NEDD说:

VALUES('”。$ UD [ '名'] “”,

而对于其他列太(如果不是数字小)

来源

2011-10-09 00:35:07 TROODON

相关问题

 相关问题