[英]PHP/SQL - Incorrect Syntax
I'm new to MySQL Queries. 我是MySQL查询的新手。 This is what I have so far what did I do wrong?
到目前为止,这是我做错了什么?
"INSERT INTO users (ip) WHERE id = '".$_SESSION["user"]["id"]."'
VALUES ('$ip')"
EDIT 编辑
I just was asking about how my syntax was wrong. 我只是在问语法错误。 I understand the vulnerabilities, and did not paste them in my question.
我了解这些漏洞,没有将其粘贴到我的问题中。 I am using the PDO library and mysql_real_string_escape WHENEVER I can...
我正在使用PDO库和mysql_real_string_escape,只要可以...
INSERT query is wrong. INSERT查询错误。 I think you are updating something and you need to use UPDATE query
我认为您正在更新某些内容,因此需要使用UPDATE查询
UPDATE users SET ip = '$ip' WHERE id = '".$_SESSION["user"]["id"]."'
Also work on fixing sql injection attacks. 还可以修复SQL注入攻击。
INSERT INTO users (ip)
VALUES ('value to insert')
or 要么
UPDATE users
SET ip = 'value to update'
WHERE ip = 'value to check'
Also, wrap your value to update
and value to insert
in a PHP mysqli_real_escape_string($DB,$val)
另外,包装您的
value to update
并将value to insert
PHP mysqli_real_escape_string($DB,$val)
INSERT INTO table_name (column1, column2, column3,...)
VALUES (value1, value2, value3,...)
WHERE column_name operator value
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.