我的mysql代码怎么了?
[英]What is wrong with my mysql code?
问题描述
What is wrong? 
怎么了? I get a syntax error. 我收到语法错误。 This code was working a week before and I made no changes to it. 这段代码在一周前开始工作,我没有对其进行任何更改。
Trying the query itself in phpmyadmin gave me the syntax error, any help? 在phpmyadmin中尝试查询本身给了我语法错误,有帮助吗?
5 个解决方案
解决方案1
2 2011-08-21 20:01:30
'$version', '0', '1',);
那里的逗号是做什么的
解决方案2
1 2011-08-21 20:00:59
最后一个值后面有逗号-是故意的吗?
解决方案3
1 2011-08-21 20:07:13
If you did not change the query at all and the comma issue others have pointed out is not the answer, then the inputs must have changed. 如果您根本没有更改查询,而其他人指出的逗号问题不是答案,那么输入必须已更改。 Where are the values like $username and $password coming from? $username和$password类的值从何而来? Are they properly escaped/sanitized? 他们是否正确逃脱/消毒? If the inputs are not escaped, and a particular value has a single-quote in it, then that would cause a syntax error (more importantly, it would also expose you to SQL injection). 如果输入未转义,并且特定值中包含单引号,则将导致语法错误(更重要的是,它还会使您遭受SQL注入)。
If the values are not currently escaped, the best solution is to use mysql_real_escape_string() on each variable in the insert, or to use prepared statements . 如果当前未对这些值进行转义,则最佳解决方案是在insert中的每个变量上使用mysql_real_escape_string()或使用Prepared语句 。
解决方案4
0 2011-08-21 20:15:35
Not using prepared statements in your code is the error. 错误不在代码中使用准备好的语句。
The safer and better way is to look at mysqli::prepare or pdo::prepare 更安全更好的方法是查看mysqli :: prepare或pdo :: prepare
$stmt = $mysqli->prepare("INSERT INTO `vewy`.`accountinfo` (`id`, `username`, `password`) VALUES (0, ?, ?)");
$stmt->bind_param('ss', $username, $password);
$username = 'admin';
$password = 'stackoverflow';
$stmt->execute();
解决方案5
0 已采纳 2011-08-22 07:31:47
Where is your code according to mr.robus code 根据mr.robus代码,您的代码在哪里
'$version', '0', '1',);
Yes He's Right We Can't Include comma in after last field 是的,他是对的,我们不能在最后一个字段之后加上逗号
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.