stackoom
  简体   繁体   中英

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax"

 原文  2018-06-19 03:42:14       php/ mysql

Question

Through the prompt method ,i'm taking the name of the person to create a table .The method is working and the name is being parsed by the php script .But no matter what ,the table is not getting created and getting the following

ERROR: Could not able to execute CREATE TABLE kat (Item VARCHAR(50) , Quantity INTEGER, Price REAL).
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'kat (Item VARCHAR(' at line 1 " 

echo("<script type='text/javascript'> var answer = prompt('Enter name'); </script>");
$na= "<script type='text/javascript'> document.write(answer); </script>";
$sql = "CREATE TABLE $na (Item VARCHAR(50) , Quantity INTEGER, Price REAL)"; 
if(mysqli_query($conn, $sql)){
    echo "Table created successfully.";}
else {
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}

2 answers

solution1
 1  2018-06-19 04:14:10

The problem is that you are sending the following as the name of the table (expansion of $na ):

<script type='text/javascript'> document.write(answer); </script> <script type='text/javascript'> document.write(answer); </script> which shows as kat in your error message in the browser, but in reality is it is the Javascript code above, which produces an invalid SQL statement. $na should be set to something you send to the web server via GET or POST, which will be available in the $_GET , $_POST , or $_REQUEST variables, or in the php://input stream if you send it in the body of the POST request, eg as JSON. Another issue, but nevertheless worth mentioning - make sure to sanitize the user input to avoid the possibility of SQL-injection.

So, for example, have a POST form with a field answer that you send to the server, and then $na = mysqli_escape_string($_POST["answer"]); followed by $sql = "create table `$na` (Item VARCHAR(50) , Quantity INTEGER, Price REAL)"; and the rest of your code.

solution2
 0  2018-06-19 03:53:25

将您的连接添加到$con.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use A Database Error Occurred You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use in Update You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use nea You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1 Query Failed You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 1 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near Query Failed You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM