在数据库上完成查询时出现SQL语法错误
[英]SQL syntax error when completing query on a database
问题描述
I'm trying to search a video database for information about them. 
我正在尝试搜索视频数据库以获取有关它们的信息。 everything is in one page. 一切都在一页中。 There are no external form posting into this one, its located on this page. 此页面上没有任何外部表单过帐。
<?php
$connection = mysql_connect("localhost","root","Oliver") or die (mysql_error());
mysql_select_db("videos", $connection) or die (mysql_error());
$sql = "SELECT * FROM videos";
if (isset($_POST['search'])){
$search_term = mysql_real_escape_string($_POST['search_box']);
$sql .= "WHERE name LIKE '{$search_term}'";
}
$query = mysql_query($sql) or die(mysql_error());
?>
<html>
<form name="search_form" method="POST" action="display_data.php">
<input type="text" name="search_box" placeholder="Search..."/>
<input type="submit" name="search" value="Search"/>
</form>
<table style="width:70%; cellpadding:5 cellspace:6">
<tr>
<td><strong>Film ID</strong></td>
<td><strong>Name</strong></td>
</tr>
<?php while ($row = mysql_fetch_array($query)) {?>
<tr>
<td><?php echo $row['ID']; ?></td>
<td><?php echo $row['name']; ?></td>
</tr>
<?php } ?>
</table>
</html>
But I get the following error 但我收到以下错误
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE 'Walking'' at line 1
walking is just the search term. 步行只是搜索字词。
6 个解决方案
解决方案1
4 2015-07-17 06:51:49
You should echo $query out before you actually run it, copy the output and run it in a mysql session directly. 您应该在实际运行它之前echo $query ,复制输出并直接在mysql会话中运行它。 I'm guessing it will tell you that you need a space before the "WHERE" keyword. 我猜它会告诉您在"WHERE"关键字之前需要一个空格。
Oh, and mysql_query is deprecated and very dangerous - look at PDO or mysqli instead. 哦,不推荐使用mysql_query ,而且非常危险-请改用PDO or mysqli 。
解决方案2
1 2015-07-17 06:52:41
Looks like your problem is the concatination of your strings. 看起来您的问题是字符串的混淆。 The result will be SELECT * FROM videosWHERE name LIKE '{$search_term}' ; 结果将是SELECT * FROM videosWHERE name LIKE '{$search_term}' ;
Add a space before WHERE and the error should gone. 在WHERE之前添加一个空格,错误应该消失了。
You should not longer use the deprecated mysql_* API. 您不应再使用不推荐使用的mysql_* API。 Use mysqli_* or PDO with prepared statements to prevent sql-injection. 将mysqli_*或PDO与已准备好的语句一起使用,以防止sql注入。
解决方案3
1 2015-07-17 06:52:47
在您的WHERE子句中简单添加空格,如下所示:
$sql .= " WHERE name LIKE '{$search_term}'";
解决方案4
1 2015-07-17 06:52:58
只需在WHERE之前添加一个空格!
$sql .= " WHERE name LIKE '{$search_term}'";
解决方案5
1 2015-07-17 06:55:25
Your query is 您的查询是
$sql = "SELECT * FROM videos";
$sql .= "WHERE name LIKE '{$search_term}'";
No space between videos and where videos and where之间videos and where之间没有空间
You need to add space 您需要添加空间
$sql .= " WHERE name LIKE '{$search_term}'";
^
解决方案6
1 2015-07-17 07:08:48
You can use addslashes() function rather then use mysql_real_escape_string() . 您可以使用addslashes()函数,而不要使用mysql_real_escape_string() 。 The quote string with slashes so, it will be very useful to you when you are adding any apostrophe in your field. 引号字符串带有斜杠,因此,当您在字段中添加任何撇号时,对您将非常有用。
I have set php code with above detail, replace with your PHP code section and check. 我已经在上面设置了php代码,用您的PHP代码部分替换并检查。
<?php
$connection = mysql_connect("localhost","root","Oliver") or die (mysql_error());
mysql_select_db("videos", $connection) or die (mysql_error());
//Select statement for query
$sql = " SELECT * FROM videos ";
//Check for request
if (isset($_POST['search'])){
//Prepare request value for query
$search_term = addslashes($_POST['search_box']);
//Where statement
$sql .= " WHERE name LIKE '" . $search_term . "' ";
}
$query = mysql_query($sql) or die(mysql_error());
?>
I have remove some bug and set addslashes() . 我已经删除了一些错误并设置了addslashes() 。 Please try this. 请尝试这个。
And I suggest you, instead of using the old mysql* functions, use PDO and write parameterized queries. 我建议您不要使用旧的mysql *函数,而应使用PDO并编写参数化查询。
Let me know if require any help from me regarding this. 让我知道是否需要我提供任何帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.