[英]SQL syntax error '' near line way outside my file length
I have this code to send the data of 3 input fields for an id-number and 2 dates (2 selectors, one text field) to my database. 我有这段代码可以将3个输入字段的ID号和2个日期(2个选择器,一个文本字段)的数据发送到我的数据库。 All 3 columns are VARCHAR. 所有3列均为VARCHAR。 I am using a form with method POST. 我正在使用带有POST方法的表单。
I get this error: 我收到此错误:
You have an error in your SQL syntax; 您的SQL语法有误; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 336 检查与您的MariaDB服务器版本相对应的手册以获取正确的语法以在第336行的''附近使用
I do not have 336 lines in any of my files. 我的任何文件中都没有336行。
This is what PHP and SQL code I have in my file. 这就是我文件中包含的PHP和SQL代码。 I've been going through it for a long while now but can't seem to find where this syntax error lies. 我已经花了很长时间了,但是似乎找不到此语法错误所在。 Any ideas? 有任何想法吗?
<?php
//Fetches the id of the konsert selected.
$id = $_GET['id'];
//Create DB object
$db = new Database();
//Create query to fetch personel
$query = "SELECT * FROM funktionar";
//Run above query
$personel = $db->select($query);
//Fetch all from konsert matching the id
$query = "SELECT * FROM konsert WHERE konsertID=".$id;
//Run above query
$konsert = $db->select($query);
if(isset($_POST['submit'])) {
//Assign variables
$namn = mysqli_real_escape_string($db->link, $_POST['personalID']);
$tidStart = mysqli_real_escape_string($db->link, $_POST['tidStart']);
$tidSlut = mysqli_real_escape_string($db->link, $_POST['tidSlut']);
//Simple validation
if($namn == '' || $tidStart == '' || $tidSlut == ''){
//Set error if any field is left empty
$error = 'Vänligen fyll i alla fält.';
} else {
$query = "INSERT INTO sakerhet
(personalID, tidStart, tidSlut)
VALUES ('$namn', '$tidStart', '$tidSlut')";
$insert_row = $db->insert($query);
}
}
?>
EDIT: Have added the insert function: 编辑:添加了插入功能:
public function insert($query) {
$insert_row = $this->link->query($query) or die($this->link->error.__LINE__);
//Validate insert
if($insert_row) {
header("Location: index.php?msg=".urlencode('Record Added'));
exit();
} else {
die('Error : ('.$this->link->errno .') '.$this->link->error);
}
}
Final and working solution. 最终和可行的解决方案。 This SQL error occured due to: 出现此SQL错误的原因是:
Conclusion It wasn't as much a syntax error as the query having problems executing itself due to above. 结束语与上面提到的查询执行自身的问题相比,这并不是语法错误。 The syntax was correct. 语法正确。
Disclaimer This code is not 100% safe nor 100% done. 免责声明此代码不是100%安全的,也不是100%完成的。 The input fields are NOT sanitised and as was pointed out to me by @EagleRainbow it is not safe to use the "$id = $_GET['id'];". 输入字段未清除,正如@EagleRainbow指出的那样,使用“ $ id = $ _GET ['id'];”并不安全。
Code 码
<?php
//Fetches the id of the konsert selected.
$id = $_GET['id'];
//Create DB object
$db = new Database();
//Create query to fetch personel
$query = "SELECT * FROM funktionar";
//Run above query
$personel = $db->select($query);
//Select all from table sakerhet
$query = "SELECT * FROM sakerhet";
//Run above query
$safety = $db->select($query);
//Fetch all from konsert matching the id
$query = "SELECT * FROM konsert WHERE konsertID=".$id;
//Run above query
$konsert = $db->select($query);
<?php
if(isset($_POST['submit'])) {
//Assign variables
$selected = $_POST['safetyName'];
$tidStart = $_POST['tidStart'];
$tidSlut = $_POST['tidSlut'];
$konsert = $id;
//Simple validation
if($selected == '' || $tidStart == '' || $tidSlut == ''){
//Set error if any field is left empty
$error = "Vänligen fyll i alla fält.";
} else {
$query = "INSERT INTO sakerhet (personalID, tidStart, tidSlut, konsertID) VALUES ('$selected', '$tidStart', '$tidSlut', '$konsert')";
$insert_row = $db->insert($query);
}
}
?>
Code from database file 数据库文件中的代码
public function insert($query) {
$insert_row = $this->link->query($query) or die($this->link->error.__LINE__);
//Validate insert
if($insert_row) {
header("Location: index.php?msg=".urlencode('Record Added'));
exit();
} else {
die('Error : ('.$this->link->errno .') '.$this->link->error);
}
}
Thanks for the help given. 感谢您的帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.