PHP中的MYSQL语法错误，但SQL有效

Question

I'm trying to start a transaction is mysql and insert data into the database. The database source sql can be found on github here . Here is the error:

Error: START TRANSACTION; INSERT INTO Books(Title, PublicationDate, PurchaseDate, Description, LocationID, GenreID) VALUES('Simple Genius', '2008-4-1','2009-5-7','','Hardbook Library','Fiction'); SET @bookid = LAST_INSERT_ID(); INSERT INTO BookAuthors(FirstName, MiddleName, LastName) VALUES('David', '', 'Baldacci'); SET @authorid = LAST_INSERT_ID(); INSERT INTO AuthorsInBooks(AuthorID, BookID) VALUES(@authorid, @bookid); COMMIT; You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO Books(Title, PublicationDate, PurchaseDate, Description, LocationID,' at line 3

Near 'INSERT INTO Books(Title, PublicationDate, PurchaseDate, Description, LocationID,' doesn't make sense to me because it is missing GenreID after LocationID. Am i missing something? When I copy and paste this code into phpmyadmin it works fine. My php version is 5.4.

Here is php code:

$sql = "
START TRANSACTION;

INSERT INTO Books(Title, PublicationDate, PurchaseDate, Description, LocationID, GenreID)
VALUES('".$Title."', '".$YearWritten."','".$YearPurchased."','".$Description."','".$Location."','".$Genre."');

SET @bookid =  LAST_INSERT_ID();

INSERT INTO BookAuthors(FirstName, MiddleName, LastName)
VALUES('".$AuthFirstName."', '".$AuthMiddleName."', '".$AuthLastName."');

SET @authorid =  LAST_INSERT_ID();

INSERT INTO AuthorsInBooks(AuthorID, BookID)
VALUES(@authorid, @bookid);

COMMIT;
";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

mysqli_close($conn);

Answer 1

mysqli_query()只能执行1个查询，如果要执行多个查询，则需要：

if (mysqli_multi_query($conn, $sql)) {

Answer 2

In response to your comment " Can I see an example of what you mean @eggyal ? ":

// mysqli provides API calls for managing transactions
mysqli_autocommit($conn, false);

// parameterise variables - NEVER concatenate them into dynamic SQL
$insert_book = mysqli_prepare($conn, '
  INSERT INTO Books
    (Title, PublicationDate, PurchaseDate, Description, LocationID, GenreID)
  VALUES
    (?, ?, ?, ?, ?, ?)
');

// bind the variables that (will) hold the actual values
mysqli_stmt_bind_param(
  $insert_book,
  'siisss', // string, integer, integer, string, string, string
  $Title, $YearWritten, $YearPurchased, $Description, $Location, $Genre
);

// execute the statement (you can change the values of some variables and
// execute repeatedly without repreparing, if so desired - much faster)
mysqli_stmt_execute($insert_book);

// mysqli provides API calls for obtaining generated ids of inserted records
$book_id = mysqli_insert_id($conn);

// ... etc ...

// use the API call to commit your transaction
mysqli_commit($conn);

// tidy up
mysqli_stmt_close($insert_book);

Note that I've not included above any error detection/handling, which you'd certainly want to include in any real-world code.