[英]PHP - MySQL syntax error (How to fix?)
I am trying to create tables based on a id that changes but i get a syntax error returned:我正在尝试根据更改的 ID 创建表,但返回了语法错误:
FAIL2: You have an error in your SQL syntax; FAIL2:您的 SQL 语法有错误; check the manual that corresponds to your MySQL server version for the right syntax to use near '5 ( myID varchar(255), Data varchar(255), Related varchar(255), )' at line 1检查与您的 MySQL 服务器版本相对应的手册,以在第 1 行的“5 (myID varchar(255), Data varchar(255), Related varchar(255), )”附近使用正确的语法
@mysql_select_db('mydb'); // Connect to database
// Create Table
$tl = $myID[1];
$sqltable = $tl[0]; // Get first char from id
$sql = "CREATE TABLE IF NOT EXISTS $sqltable(myID varchar(255),Data varchar(255),Related varchar(255));";
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('FAIL2: ' . mysql_error());
}
echo "DONE<br>";
How can this be fixed?如何解决这个问题?
Try this, by way of example using mysqli_**试试这个,例如使用 mysqli_**
$link = mysqli_connect('localhost', 'user', 'pass', 'test');
/* check connection */
if (!$link) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$sqltable = 1234;
$stmt = mysqli_prepare($link, "CREATE TABLE IF NOT EXISTS `{$sqltable}` (
`myID` varchar(255),
`Data_` varchar(255),
`Related` varchar(255)
);"
);
if (mysqli_stmt_execute($stmt)) {
echo "success";
} else {
echo "failure";
}
mysqli_stmt_close($stmt);
Now,you should have a whitelist of table names that you check against first if the variable $sqltable is coming from user input in order to avoid sql injection.现在,如果变量 $sqltable 来自用户输入,您应该首先检查表名的白名单,以避免 sql 注入。
Change the column 'Data', it is a reserverd word in MySQL更改列“数据”,它是 MySQL 中的保留字
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.