这里的PHP语法有什么问题?
[英]What's wrong with the PHP syntax here?
问题描述
I'm having hard time to figure out whats wrong in this code. 
我很难弄清楚这段代码有什么问题。 I tried many variations but still getting error in this line: 我尝试了许多变体,但在此行中仍然出现错误:
$query= "INSERT INTO publish (name, email, title, content)" .
"VALUES ('$row['Name']','$row['Email']',$row['title'],$row['content'])";
What could be wrong? 有什么事吗
here's the rest of the code: 这是其余的代码:
<?php
// connect to the database
include('config2.php');
// check if the 'id' variable is set in URL, and check that it is valid
if (isset($_GET['id']) && is_numeric($_GET['id']))
{
// get id value
$id = $_GET['id'];
$dbc = mysqli_connect('localhost', 'x', 'x', 'x')
or die('Error');
$name = $row['Name'];
$email = $row['Email'];
$title = $row['title'];
$content = $row['content'];
$result = mysql_query("select *stories WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array( $result );
$query= "INSERT INTO publish (name, email, title, content)" .
"VALUES ('$row['Name']','$row['Email']',$row['title'],$row['content'])";
or die('Error querying database.');
mysqli_close($dbc);
}
?>
Error message: "parse error expecting identifier (t_string) ' or variable (t_variable) ' or number (t_num_string) '" 错误消息:“解析错误,期望标识符(t_string)'或变量(t_variable)'或数字(t_num_string)'”
3 个解决方案
解决方案1
4 已采纳 2015-06-05 00:08:26
You probably want to use complex string syntax to properly interpolate those variables. 您可能想使用复杂的字符串语法来正确地插值那些变量。 For example: 例如:
$query= "INSERT INTO publish (name, email, title, content)" .
"VALUES ('{$row['Name']}','{$row['Email']}',{$row['title']},{$row['content']})";
Though that will only fix one of the issues with the code. 虽然那只会解决代码的问题之一。
Do note there are plenty of other ways to resolve this one too, such as concatenation instead of interpolation, or string replacements, etc etc. 请注意,还有很多其他方法可以解决此问题,例如串联而不是插值或字符串替换等。
It might also be worth reading the documentation on strings at some point. 有时也应该阅读有关字符串的文档 。
解决方案2
0 2015-06-05 00:04:40
You forgot the "." 您忘记了“。” between your variables and your strings. 在变量和字符串之间。 Like so: 像这样:
$query= "INSERT INTO publish (name, email, title, content)" .
"VALUES (".$row['Name'].','.$row['Email'].','.$row['title'].','.$row['content'].")";
However, it looks like you may have some additional issues going on there with the actual SQL query. 但是,看起来您实际的SQL查询可能还会遇到一些其他问题。
解决方案3
0 2015-06-05 00:36:31
The best practice in PHP is to use single quote ' for strings. PHP的最佳实践是对字符串使用单引号' 。 Cos PHP looks for variables inside double quoted strings and keeps on sniffing whether there is a variable (or multiple variables) inside the string. Cos PHP在双引号引起来的字符串中查找变量,并不断探查字符串中是否存在变量(或多个变量)。
So for example: "A very very long string... $var1 .. long string .. $var2 string" this will run slower compared to 'A very very long string... ' . 因此,例如:“一个非常长的字符串... $ var1 ..长字符串.. $ var2字符串”与“一个非常非常长的字符串...”相比,运行起来会更慢。 $var1 . $ var1。 ' .. long string .. ' . '..长字符串..' $var2 . $ var2。 ' string'; '字符串'; cos when PHP sees single quote it won't sniff for variables inside it thus it's faster. cos当PHP看到单引号时,它不会嗅探其中的变量,因此速度更快。
From my experience, in my early age I worked on a very large php script and used double quotes everywhere. 根据我的经验,在我很小的时候,我就开发了一个很大的php脚本,并在各处使用双引号。 After the above explanation from an expert I converted the whole script to single quote and the performance was much better. 经过专家的上述解释,我将整个脚本转换为单引号,并且性能要好得多。
So for your situation I'd suggest and request to use single quotes and it'll avoid confusions as well. 因此,对于您的情况,我建议并要求使用单引号,这样也可以避免造成混淆。 Also using mysql_real_escape_string() is a good practice to avoid SQL Injection . 另外,最好使用mysql_real_escape_string()避免SQL Injection 。
$query= 'INSERT INTO publish (name, email, title, content)
VALUES (
\'' . mysql_real_escape_string ($row['Name']) . '\',
\'' . mysql_real_escape_string ($row['Email']) . '\',
\'' . mysql_real_escape_string ($row['title']) . '\',
\'' . mysql_real_escape_string ($row['content']) . '\')';
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.