创建列时出现sql语法错误

Question

I am trying to run the following query, but am getting a sql syntax error, but dreamweaver doesnt seem to be highlighting any error so im not sure where it is ?. 我试图运行以下查询，但我得到一个SQL语法错误，但Dreamweaver似乎没有突出显示任何错误，所以我不知道它在哪里？ thanks :-) 谢谢：-）

<?php
$form_id = $_POST[form_id];
    $query = mysql_query("
IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.COLUMNS
WHERE 
TABLE_NAME = 'email_history' 
AND COLUMN_NAME = `$form_id`)
BEGIN
 ALTER TABLE 'email_history' ADD `$form_id` VARCHAR( 255 ) NOT NULL
END;
") or die(mysql_error());
?>

Answer 1

Have a look at 看一下

‘$form_id`

You probably mean 你可能意味着

`$form_id`

Update: Once more wrong quotes 更新：再一次错误的报价

'email_history'

should be 应该

`email_history`

Remind: Backticks ` are for qualifiers (tablenames and such), where the apostroph ' is for values. 提醒：Backticks`用于限定符（tablenames等），其中apostroph '用于值。

Answer 2

Here is the correct quotation format. 这是正确的报价格式。

$query = mysql_query("
IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.COLUMNS
WHERE 
TABLE_NAME = 'email_history' 
AND COLUMN_NAME = '$form_id')
BEGIN
    ALTER TABLE `email_history` ADD `$form_id` VARCHAR( 255 ) NOT NULL
END;
") or die(mysql_error());

Answer 3

Try this. 尝试这个。

$form_id = $_POST[form_id];
$query = mysql_query("
  IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.COLUMNS
    WHERE 
    TABLE_NAME = 'email_history' 
    AND COLUMN_NAME = '$form_id')
  BEGIN
    ALTER TABLE `email_history` ADD `$form_id` VARCHAR( 255 ) NOT NULL
  END;
") or die(mysql_error());

Also, just on side note, you should never directly use the values from User input into your SQL. 另外，请注意，您不应该直接使用用户输入中的值到SQL中。 This is to prevent SQL injection. 这是为了防止SQL注入。 Here are a few links on MySQL Injection which I found: 以下是MySQL注入的一些链接，我发现：

http://www.php.net/manual/en/security.database.sql-injection.php http://25yearsofprogramming.com/blog/2011/20110205.htm https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet http://www.php.net/manual/en/security.database.sql-injection.php http://25yearsofprogramming.com/blog/2011/20110205.htm https://www.owasp.org/index。 PHP / SQL_Injection_Prevention_Cheat_Sheet

Answer 4

<?php
$form_id = $_POST[form_id];
    $query = mysql_query("
IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.COLUMNS
WHERE 
TABLE_NAME = 'email_history' 
AND COLUMN_NAME = '$form_id')
BEGIN
 ALTER TABLE email_history ADD `$form_id` VARCHAR( 255 ) NOT NULL
END;
") or die(mysql_error());
?>

Answer 5

Everyone has focused on bad quoting, but is there any chance of this query to run? 每个人都专注于糟糕的引用，但这个查询是否有可能运行？ Does MySQL allow such conditional statements? MySQL是否允许这样的条件语句？ I know this is possible in stored routines but I have never heard of such direct usage, so I would split this into two queries: column existence check and table alteration. 我知道这在存储例程中是可能的，但我从未听说过这样的直接用法，所以我将它分成两个查询：列存在检查和表更改。

This will look like this: 这将是这样的：

<?php
$form_id = some_function_to_check_if_input_is_valid_etc($_POST[form_id]);
$exist_result = mysql_query("SELECT IF(NOT EXISTS(
    SELECT * 
    FROM    INFORMATION_SCHEMA.COLUMNS
    WHERE   TABLE_NAME  = 'email_history' 
    AND     COLUMN_NAME = '{$form_id}'
    ),1,0) AS should_alter_table
");
$row = mysql_fetch_assoc($exist_result);
if($row['should_alter_table']){
    mysql_query("ALTER TABLE email_history ADD `{$form_id}` VARCHAR( 255 ) NOT NULL");
}

创建列时出现sql语法错误

问题描述

5 个解决方案

解决方案1
1 2012-01-01 20:23:36

解决方案2
1 2012-01-01 20:35:31

解决方案3
0 2012-01-01 21:01:54

解决方案4
0

解决方案5
0 已采纳 2012-01-01 21:27:39

创建列时出现sql语法错误

问题描述

5 个解决方案

解决方案1 1 2012-01-01 20:23:36

解决方案2 1 2012-01-01 20:35:31

解决方案3 0 2012-01-01 21:01:54

解决方案4 0

解决方案5 0 已采纳 2012-01-01 21:27:39

解决方案1
1 2012-01-01 20:23:36

解决方案2
1 2012-01-01 20:35:31

解决方案3
0 2012-01-01 21:01:54

解决方案4
0

解决方案5
0 已采纳 2012-01-01 21:27:39