Can anyone tell me what is wrong with this query?
$sql = "INSERT INTO vendors (business_name, address, description, contact_name,
contact_phone, alt_phone, url, level, use_me)
VALUES($_POST['business_name'],
$_POST['address'],
$_POST['description'],
$_POST['contact_name'],
$_POST['contact_phone'],
$_POST['alt_phone'],
$_POST['url'],
$_POST['level'],
$_POST['use_me'])";
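When I try to execute it, I get the error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING at the line number where "VALUES" starts
Best answer
First of all, never inject raw data into your database.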
$cleanData = array();
foreach($_POST as $key => $post) {
$cleanData[$key] = mysqli_real_escape_string($link, $post);
}
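Now that we have cleared that up, the syntax error is caused by incorrect string syntax, but once that is fixed you will also run into the problem of missing quotes in the query. The following solves both problems: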
// note the trailing quotation mark
$sql = 'INSERT INTO vendors (business_name, address, description, contact_name,
contact_phone, alt_phone, url, level, use_me) VALUES ("';
// now let's simplify the meat of the query with an implode.
$sql .= implode('", "', array(
$cleanData['business_name'],
$cleanData['address'],
$cleanData['description'],
$cleanData['contact_name'],
$cleanData['contact_phone'],
$cleanData['alt_phone'],
$cleanData['url'],
$cleanData['level'],
$cleanData['use_me']
));
$sql .= '")'; // and one final quotation mark, along with a closing parenthesis
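The same INSERT written with bound parameters instead of escaping and string concatenation, as an added example that is not part of the original answer. Assumptions: PDO with an in-memory SQLite database so the script runs without a MySQL server, a constructed array standing in for $_POST, and a hypothetical helper named insertVendor.

```php
<?php
// Assumption: PDO with in-memory SQLite, so no MySQL server is needed to run this.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Fixed column list taken from the query in the question.
$columns = ['business_name', 'address', 'description', 'contact_name',
            'contact_phone', 'alt_phone', 'url', 'level', 'use_me'];

// Constructed table for the demo; every column is TEXT for simplicity.
$pdo->exec('CREATE TABLE vendors (' . implode(' TEXT, ', $columns) . ' TEXT)');

// Hypothetical helper: column names come only from $columns, and request
// values are bound as parameters, never concatenated into the SQL text.
function insertVendor(PDO $pdo, array $columns, array $input): void
{
    $params = [];
    foreach ($columns as $col) {
        $value = $input[$col] ?? null;
        // A form field can arrive as an array (field[]=x); refuse it.
        if ($value !== null && !is_scalar($value)) {
            throw new InvalidArgumentException("Unexpected type for $col");
        }
        $params[":$col"] = $value === null ? null : (string) $value;
    }
    $sql = 'INSERT INTO vendors (' . implode(', ', $columns) . ') VALUES ('
         . implode(', ', array_keys($params)) . ')';
    $pdo->prepare($sql)->execute($params);
}

// Constructed stand-in for $_POST; values contain quotes and SQL punctuation.
$post = [
    'business_name' => 'O\'Brien "Best" Tools',
    'address'       => '1 Main St; Suite "B"',
    'description'   => "Sells nuts, bolts and 3/8' fittings -- cash only",
    'contact_name'  => 'Pat',
    'contact_phone' => '555-0100',
    'url'           => 'https://vendor.example/',
    'level'         => '2',
    'use_me'        => '1',
    // alt_phone intentionally missing: it is stored as NULL.
];

insertVendor($pdo, $columns, $post);

// Compare what was stored with what was submitted.
$row = $pdo->query('SELECT * FROM vendors')->fetch(PDO::FETCH_ASSOC);
var_dump($row['business_name'] === $post['business_name']);
var_dump($row['description'] === $post['description']);
var_dump($row['alt_phone']);
```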
Regarding "php mysql syntax error but I don't see it?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/7990408/