我有一个根据一些测试数据创建的预构造数组,因为我尚未设置发布表单。该数组如下所示:
$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => '[email protected]', 'developer_or_client' => 'developer', 'email' => '[email protected]');
foreach ($ud as $key => $value) {
$value = mysql_real_escape_string($value);
}
然后,我尝试通过该数组将数据通过 MySQL 查询插入到我的数据库中:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
但是,它因以下错误而终止:
您的 SQL 语法中有错误;检查与您的 MySQL 服务器版本相对应的手册,了解在 '@email.com、用户名、密码、伦敦、移动、开发人员、你好、[电子邮件受保护])'位于第 1 行
请您告诉我哪里出了问题?
I have a pre-constructed array created from some test data as I have not yet set up a post form. The array looks like this:
$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => '[email protected]', 'developer_or_client' => 'developer', 'email' => '[email protected]');
foreach ($ud as $key => $value) {
$value = mysql_real_escape_string($value);
}
From this array, I then try to insert the data via a MySQL query into my database:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
However, it dies with the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com, username, password, london, mobile, developer, hello, [email protected])' at line 1
Please can you tell me where I am going wrong?
发布评论
评论(5)
括号中的每个值都需要引号
You need quotes around each value in parenthases
有两件事:
mysql_real_escape_sring()。Two things:
mysql_real_escape_sring().尝试一下:)
try it:)
从列名的声音来看,这些是
varchar列类型,因此您需要用引号将值括起来:此外,如果值来自用户输入,您应该通过
mysql_real_escape_string运行每个值code> 帮助防止 SQL 注入攻击From the sounds of the column names those are
varcharcolumn types so you need to wrap your values with quotes:Also if the values are coming from user input you should run each value through
mysql_real_escape_stringto help prevent against SQL injection attacks请参阅:
VALUES (" . $ud['name'] . ",
Nedd that:
VALUES ('" . $ud['name'] . "',
对于其他列也是如此(如果不是数字)
See this:
VALUES (" . $ud['name'] . ",
Nedd that:
VALUES ('" . $ud['name'] . "',
And for other columns too (if is not numberic)