PHP |插入数组时SQL语法错误
我在将数组插入 sql 数据库时遇到一些问题。
我的错误如下:
Unable to add : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '06:45:23,i want to leave a comment)' at line 1
我的查询 var_dump 是:
string(136) "INSERT INTO news_comments (news_id,comment_by,comment_date,comment) VALUES (17263,Philip,2010-05-11 06:45:23,i want to leave a comment)"
我的问题是如何向 id 添加空值,因为它是主键而不是 news_id
我的插入函数如下所示:
function insertQuery($tbl, &$data)
{
global $mysqli;
$_SESSION['errors'] = array();
require_once '../config/mysqli.php';
$query = "INSERT INTO $tbl (".implode(',',array_keys($data)).") VALUES (".implode(',',array_values($data)).")";
var_dump($query);
if($result = mysqli_query($mysqli, $query))
{
//$id = mysqli_insert_id($mysqli);
print 'Very well done sir!';
}
else
{
array_push($_SESSION['errors'], 'Unable to add : ' . mysqli_error($mysqli));
}
}
注意:数组不是我的强项,所以我可能错误地使用它们!
I am having some trouble inserting an array into the sql database.
my error is as follows:
Unable to add : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '06:45:23,i want to leave a comment)' at line 1
My query var_dump is:
string(136) "INSERT INTO news_comments (news_id,comment_by,comment_date,comment) VALUES (17263,Philip,2010-05-11 06:45:23,i want to leave a comment)"
My question is how can i add an empty value to id as it is the primary key and not news_id
my insert function looks like this:
function insertQuery($tbl, &$data)
{
global $mysqli;
$_SESSION['errors'] = array();
require_once '../config/mysqli.php';
$query = "INSERT INTO $tbl (".implode(',',array_keys($data)).") VALUES (".implode(',',array_values($data)).")";
var_dump($query);
if($result = mysqli_query($mysqli, $query))
{
//$id = mysqli_insert_id($mysqli);
print 'Very well done sir!';
}
else
{
array_push($_SESSION['errors'], 'Unable to add : ' . mysqli_error($mysqli));
}
}
Note: arrays are not my strong point so i may be using them in-correctly!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您需要用单引号
'yyyy-mm-dd hh:mm:ss'将数据括起来(您需要将它们应用于所有文本字段(日期、varchar、char、文本等)。另外,请确保正确转义可能属于文本一部分的任何单引号。You need to wrap your data with single quotes
'yyyy-mm-dd hh:mm:ss'(You need to apply them to all text fields (date, varchar, char, text so on). Also, make sure to properly escape any single quotes that might be part of the text.值(如果不是数字)必须放在引号之间。
遍历数组并将值放入引号中,然后您可以像在代码片段中那样将其内爆。
the values (if not numeric) have to be placed in between quotes.
go through the array and place the values into quotes, then you can implode it as you did in your code snippet.
您在这里正确使用数组,即使是以一种奇怪的方式。您的主要问题是您如何做到这一点,您正在破坏查询:
字符串值应该加引号,如下所示:
从技术上讲,如果您也将引号放在数字周围,则不会产生任何影响,因为MySQL 应该根据需要将它们转换为数字。因此,您的代码应该更像这样:
注意第二个
array_implode中额外的'引号。这将用单引号将每个值括起来,从而允许在数据库中使用它。但请注意,如果任何值包含
',那么它将中断。您需要转义这些,通常使用双精度数,将其转换为''。如果你使用mysql_escape_string,它会处理所有这一切都为您服务,但必须根据每个人的价值观来完成。You are using arrays correctly here, even if in an odd manner. Your main problem is that how you're doing it, you're breaking the query:
The string values should be quoted, as such:
Technically, if you put quotes around your numbers, too, it won't make a difference, since MySQL should convert them to numbers as needed. So, your code should be more like this:
Notice the extra
'quotes in the secondarray_implode. This will wrap every value with a single quote, allowing it to be used in the database.Note, however, that if any of the values contain a
', then it will break. You need to escape these, usually using a double, turning it into''. if you use mysql_escape_string, it will take care of all this for you, but it has to be done on each individual value.您需要在字符串周围添加一个
"i Want to Leave a comment comment试试这个
You need a
"arround the string i want to leave a comment commentTry this
我认为您在字符串值周围缺少引号(
'),例如值应该类似于:注意:不要忘记使用
mysql_real_escape_string函数字符串值。I think you are missing quotes (
') around string values eg values should be like:Note: Don't forget to use
mysql_real_escape_stringfunction for string values.