收到SQl语法错误
[英]Getting an error of SQl Syntax
问题描述
Getting an error of 
出现错误
"Error: 1 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"
Please help guys, Many thanks in advance. 请帮助大家,非常感谢。
Code: 码:
<?php
include('head.php');
if(isset($_POST['submit']))
{
$userid = trim($_POST['userid']);
$email = trim($_POST['email']);
$mobile = trim($_POST['mobile']);
$sql = mysqli_query($conn,"INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')");
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>******</title>
<link href="forum-styles.css" rel="stylesheet" type="text/css">
</head>
<style type="text/css">
.txtField {
padding: 5px;
border:#fedc4d 1px solid;
border-radius:4px;
}
</style>
<body background="img/gold-and-money.jpg">
<form action="" method="post" class="basic-grey">
<h1>****** Forgot Password
<span>Please let us know your UserId, We will reset password and inform you.</span> </h1>
<label>
<span>User Id :</span>
<input type="text" name="userid" required />
</label>
<label>
<span>Mobile N. :</span>
<input type="text" name="mobile" required/>
</label>
<label>
<span>Email Id :</span>
<input type="text" name="email" required/>
</label>
<label>
<div align="right"><span> </span>
<input type="submit" class="button" value="Submit" name="submit"/>
</div>
</label>
</form>
</body>
</html>
6 个解决方案
解决方案1
2 2014-12-12 04:28:51
$sql = mysqli_query($conn,"INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')");
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
You've got two calls here to mysqli_query . 您在这里有两个mysqli_query电话。 The first time, you're making the query and assigning the return value to $sql ; 第一次,您进行查询并将返回值分配给$sql ; the second time, you're running $sql as a query. 第二次,您正在运行$sql作为查询。
To fix the immediate problem, do something along the lines of: 要解决当前的问题,请按照以下步骤进行操作:
$sql = "INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
You're assigning your query to a string, and then using that in your query. 您正在将查询分配给一个字符串,然后在查询中使用它。 This makes debugging things easier, as you can now output your generated query to check what you're producing. 这使调试变得更容易,因为您现在可以输出生成的查询以检查所生成的内容。
However 然而
You're also passing user-generated data directly into an SQL query, without escaping it. 您还将用户生成的数据直接传递到SQL查询中,而不进行转义。 This is very bad - at best, you're going to have a problem if some of the data contains apostrophes. 这非常糟糕-充其量,如果某些数据包含撇号,您将遇到问题。 At worst, your database will get hacked. 最糟糕的是,您的数据库将被黑客入侵。 One solution here is to use escaping, as Fred suggested, using mysqli_real_escape_string : 如Fred所建议的,这里的一种解决方案是使用转义,即使用mysqli_real_escape_string :
$userid = mysqli_real_escape_string($conn, $_POST['userid']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
I'd suggest also looking at using bound parameters and a prepared statement instead, for added extra security. 我建议也考虑使用绑定参数和准备好的语句,以增加额外的安全性。
- Use prepared statements , or PDO with prepared statements , they're much safer . 使用预处理语句或将PDO与预处理语句结合 使用起来更加安全 。
解决方案2
0 2014-12-12 04:21:34
@andrewsi回答正确:“您两次运行查询。第一次,您将结果分配给$ sql;第二次,您尝试将结果作为查询运行。”
解决方案3
0 2014-12-12 04:28:32
@andrewsi, you r running your query twice and your your query contains variables which you have make them as literals. @andrewsi,您将查询运行两次,并且您的查询包含使它们成为文字的变量。 so code would be like this: 因此代码如下所示:
$sql ="INSERT INTO forgot(userid,email,mobile)VALUES ($userid,$email,$mobile)";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
I hope this will help you. 我希望这能帮到您。
解决方案4
0 2014-12-12 04:33:17
Here is a basic example. 这是一个基本示例。 Check where you have a turn. 检查您转弯的地方。 Always keep follow the standard way of coding. 始终遵循标准的编码方式。
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$mysqli->query("CREATE TABLE myCity LIKE City");
$query = "INSERT INTO myCity VALUES (NULL, 'Stuttgart', 'DEU', 'Stuttgart', 617000)";
$mysqli->query($query);
printf ("New Record has id %d.\n", $mysqli->insert_id);
/* drop table */
$mysqli->query("DROP TABLE myCity");
/* close connection */
$mysqli->close();
?>
解决方案5
0 2014-12-12 04:44:29
Ankit, their are few things to take care of while coding the queries, instead of explaining them, I will try to rewrite the query: Ankit,在对查询进行编码时需要注意的几件事,而不是解释它们,我将尝试重写查询:
$query = sprintf("INSERT INTO forgot('userid','email','mobile') VALUES ('%s', '%s', '%s')" , mysqli_real_escape_string( $con, $_POST['userid'] ) , mysqli_real_escape_string( $con, $_POST['email'] ) , mysqli_real_escape_string( $con, $_POST['mobile'] )); if (mysqli_query($dbConnection, $query)) { echo "Successfully inserted" . mysqli_affected_rows($conn) . " row"; } else { echo "Error occurred: " . mysqli_error($dbConnection); }
if in case, userid is the integer, convert the userid to int as follows before creating the $query: 如果万一userid是整数,则在创建$ query之前,将userid转换为int,如下所示:
$userid = (int)$_POST['userid'];
解决方案6
0 2014-12-12 04:57:36
$sql = "INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
It will work. 它会工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.