PHP / SQL-错误的语法
[英]PHP/SQL - Incorrect Syntax
问题描述
I'm new to MySQL Queries. 
我是MySQL查询的新手。 This is what I have so far what did I do wrong? 到目前为止,这是我做错了什么?
"INSERT INTO users (ip) WHERE id = '".$_SESSION["user"]["id"]."'
VALUES ('$ip')"
EDIT 编辑
I just was asking about how my syntax was wrong. 我只是在问语法错误。 I understand the vulnerabilities, and did not paste them in my question. 我了解这些漏洞,没有将其粘贴到我的问题中。 I am using the PDO library and mysql_real_string_escape WHENEVER I can... 我正在使用PDO库和mysql_real_string_escape,只要可以...
3 个解决方案
解决方案1
4 已采纳 2012-11-26 02:11:45
INSERT query is wrong. INSERT查询错误。 I think you are updating something and you need to use UPDATE query 我认为您正在更新某些内容,因此需要使用UPDATE查询
UPDATE users SET ip = '$ip' WHERE id = '".$_SESSION["user"]["id"]."'
Also work on fixing sql injection attacks. 还可以修复SQL注入攻击。
解决方案2
1 2012-11-26 02:13:18
INSERT INTO users (ip)
VALUES ('value to insert')
or 要么
UPDATE users
SET ip = 'value to update'
WHERE ip = 'value to check'
Also, wrap your value to update and value to insert in a PHP mysqli_real_escape_string($DB,$val) 另外,包装您的value to update并将value to insert PHP mysqli_real_escape_string($DB,$val)
解决方案3
0 2012-11-26 02:12:47
INSERT INTO table_name (column1, column2, column3,...)
VALUES (value1, value2, value3,...)
WHERE column_name operator value
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.