PHP MySQL INSERT语句语法错误
[英]PHP MySQL INSERT statement syntax error
问题描述
I'm having problems with an INSERT statement, and the error only says: 
我在使用INSERT语句时遇到问题,并且错误仅显示:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
It's not helpful at all. 这根本没有帮助。 The version I have tried so far and failed is: 到目前为止,我尝试过但失败的版本是:
mysql_query("INSET INTO `cos` VALUES ('".$_GET['prod']."','".$_GET['page']."')");
[needless to say that the two variables when printed show the right values] I've also tried versions with nothing around the table name, with ` or ', a million combinations really and nothing works. [不用说两个变量在打印时显示正确的值]我也尝试过在表名周围什么都没有的版本中使用`或',实际上是一百万个组合,没有任何用处。 Not even with constants or into different tables. 甚至没有常量或不同的表。 It just won't insert anything ever. 它只是不会插入任何东西。 I've checked the privileges (I'm logging into it with root), and it's all on. 我已经检查了特权(我以root用户身份登录),并且一切都已就绪。
I've tried similar stuff on two different machines with the same server (XAMPP 1.7.7) and it works. 我已经在具有相同服务器(XAMPP 1.7.7)的两台不同机器上尝试了类似的东西,并且它可以工作。 I'm completely baffled! 我完全困惑了! What can it be? 会是什么
Thank you for your time! 感谢您的时间!
5 个解决方案
解决方案1
4 已采纳 2012-01-09 09:48:36
First and foremost, just type INSERT correctly. 首先,只需正确输入INSERT 。
Using _GET like that really opens you up to SQL INJECTIONS... 像这样使用_GET确实可以打开SQL INJECTIONS ...
Do take a look into MySQL prepared statements . 看一看MySQL准备好的语句 。
It is also considered good practice to name the columns that you're inserting data into. 命名插入数据的列也被认为是一种好习惯 。 That allows you to, latter on, insert extra-columns and keep application logic. 以后,您可以插入多余的列并保留应用程序逻辑。
INSERT INTO cos(rowName1, rowName2) VALUES(?, ?)
Where ? 在? would be prepared statements. 将准备的语句。
解决方案2
2 2012-01-09 09:45:55
Correct: 正确:
mysql_query("INSERT INTO `cos` VALUES ('".$_GET['prod']."','".$_GET['page']."')");
Have you tried passing the $link to mysql_query ? 您是否尝试过将$ link传递给mysql_query ?
Like: 喜欢:
mysql_query("INSERT INTO `cos` VALUES ('".$_GET['prod']."','".$_GET['page']."')", $link);
EDIT: And of course you must take some security measures before inserting anything into the database, maybe mysql_real_escape_string() or even prepared statements. 编辑:当然,在将任何内容插入数据库之前,您可能必须采取一些安全措施,也许是mysql_real_escape_string()甚至是准备好的语句。
解决方案3
0 2012-01-09 09:49:57
You are doing it wrong. 你做错了。 Why aren't you escaping the values? 您为什么不逃避这些价值观? Php.net documentation is providing some good and safe working examples: php.net文档提供了一些良好且安全的工作示例:
$query = sprintf("SELECT firstname, lastname, address, age FROM friends
WHERE firstname='%s' AND lastname='%s'",
mysql_real_escape_string($firstname),
mysql_real_escape_string($lastname));
// Perform Query
$result = mysql_query($query);
So adapted to your code: 因此适合您的代码:
$query = sprintf("INSERT INTO `cos` VALUES (%s, %s);",
mysql_real_escape_string($_GET['prod']),
mysql_real_escape_string($_GET['page']));
$result = mysql_query($query);
Please, always escape your values. 请,始终逃避您的价值观。 And use INSERT, not INSET :) 并使用INSERT,而不是INSET :)
解决方案4
0 2012-01-09 09:52:48
first this is you are using INSET make it correct with INSERT like 首先,这是您正在使用INSET使其与INSERT一样正确
$pro = mysql_real_escape_string($_GET['prod']);
$page = mysql_real_escape_string($_GET['page']);
mysql_query("INSERT INTO `cos` (column1, column2)
VALUES ('$pro', '$page')" );
you forget to set the column names... 你忘了设置列名...
解决方案5
0 2012-01-09 10:36:33
Try this: 尝试这个:
$prod = $_GET['prod'];
$page = $_GET['page'];
mysql_insert("INSERT INTO 'cos' VALUES('$prod','$page)");
This should very well do it :) 这应该做得很好:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.