插入错误的SQL语法
[英]insert into error sql syntax
问题描述
My test code is: 
我的测试代码是:
<?php
$connessione = mysql_connect("***", "***", "***");
mysql_select_db("***", $connessione);
$risultato = mysql_query("SELECT * FROM servem_vote", $connessione);
if(mysql_query("INSERT INTO servem_vote (uid,lastvote) VALUES ($uid,now()) ON DUPLICATE KEY UPDATE lastvote=now();
")) {
header('location:/home.php'); }
else {
echo "Error: " . mysql_error(); }
mysql_close($con);
?>
Error: You have an error in your SQL syntax;
DB: D B:
http://prntscr.com/ef7544 http://prntscr.com/ef7544
Where am I doing wrong? 我在哪里做错了?
1 个解决方案
解决方案1
0 已采纳 2017-03-02 18:08:46
You are missing $uid in the code you shared. 您共享的代码中缺少$uid 。 You don't set that value anywhere but you attempt to use it as part of your INSERT query. 您不会在任何地方设置该值,但是会尝试将其用作INSERT查询的一部分。
If it's coming from form data, grab it from $_REQUEST superglobal variable before attempting to use it: 如果它来自表单数据,请在尝试使用它之前从$_REQUEST超全局变量中获取它:
$uid = $_REQUEST['uid']
If it's NOT an integer in the MySQL table, you need to wrap it in single quotes as part of your statement. 如果它不是MySQL表中的整数,则需要将其用单引号括起来作为语句的一部分。
INSERT INTO servem_vote (uid,lastvote) VALUES ('$uid',now())
ON DUPLICATE KEY UPDATE lastvote=now();
I don't know what purpose this line serves: 我不知道这行有什么作用:
$risultato = mysql_query("SELECT * FROM servem_vote", $connessione);
You don't seem to do anything with the result set from this query. 您似乎对该查询的结果集不做任何事情。
MOST IMPORTANTLY : As many others have commented you need to be sanitizing your data and you should be relying on PDO or mysqli* functions to safely interact with your database. 最重要的是 :正如许多其他人所说,您需要清理数据,并且应该依靠PDO或mysqli *函数安全地与数据库交互。 See answers here 在这里查看答案
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.