
PHP SQL syntax error

I've tried to arrange this in a few ways but the error message stays almost the same:

15Error retrieving scores You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table WHERE id>15 1 ORDER BY id ASC LIMIT 0,100' at line 1

The call I make is

http://myserver.com/get_dbupdates2.php?theid=15

    $type   = isset($_GET['type']) ? $_GET['type'] : "global";
    $offset = isset($_GET['offset']) ? $_GET['offset'] : "0";
    $count  = isset($_GET['count']) ? $_GET['count'] : "100";
    $sort   = isset($_GET['sort']) ? $_GET['sort'] : "id ASC";

    // Localize the GET variables
    $udid  = isset($_GET['udid']) ? $_GET['udid'] : "";
    $name  = isset($_GET['name']) ? $_GET['name']  : "";
    $clubname  = isset($_GET['clubname']) ? $_GET['clubname']  : "";
    $theid  = isset($_GET['theid']) ? $_GET['theid']  : "";


    // Protect against sql injections
    $type   = mysql_real_escape_string($type);
    $offset = mysql_real_escape_string($offset);
    $count  = mysql_real_escape_string($count);
    $sort   = mysql_real_escape_string($sort);
    $udid   = mysql_real_escape_string($udid);
    $name   = mysql_real_escape_string($name);
    $clubname   = mysql_real_escape_string($clubname);
    $theid   = mysql_real_escape_string($theid);

    echo $theid;

    // Build the sql query
    //$sql = "SELECT * FROM $table WHERE ";
    $sql = "SELECT * FROM $table WHERE id>$theid ";

    switch($type) {
        case "global":
            $sql .= "1 ";
            break;
        case "device":
            $sql .= "udid = '$udid' ";
            break;
        case "name":
            $sql .= "name = '$name' ";
            break;
        case "clubname":
            $sql .= "clubname = '$clubname' ";
            break;
        case "theid":
            $sql .= "theid = '$theid' ";
            break;
    }

    $sql .= "ORDER BY $sort ";
    $sql .= "LIMIT $offset,$count ";

    $result = mysql_query($sql,$conn);

Anybody able to see where I went wrong?

Kindest Regards, -Code

EDIT

See these 2 lines

    //$sql = "SELECT * FROM $table WHERE ";
    $sql = "SELECT * FROM $table WHERE id>$theid ";

If I comment out the bottom line and uncomment the top line, the script runs OK and returns the data. But leaving it as it is gives the error.

So this leads me to believe the problem is something to do with

    id>$theid ";

Regards -Code

A table named 'table' must be quoted like this:

    SELECT * FROM `table`

and you must put AND or OR between conditions, e.g. $sql .= "AND clubname = '$clubname' ";
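
One way to build the question's query with the answer's two fixes applied (backtick-quoted table name, AND between conditions), written for this page as an added example and not taken from the asker's or the answerer's code. It assumes PDO instead of the `mysql_*` functions; `buildScoreQuery()` and both allow-lists are hypothetical names, and the `theid` filter case from the question is left out.

```php
<?php
// Added example, not the asker's code. buildScoreQuery() and both allow-lists
// are hypothetical; the column names are taken from the question.
function buildScoreQuery(array $get, string $table): array
{
    // $table comes from application code, never from the request.
    $filters = ['device' => 'udid', 'name' => 'name', 'clubname' => 'clubname'];
    $sorts   = ['id ASC', 'id DESC', 'name ASC', 'name DESC'];

    // Numbers used unquoted (id > ..., LIMIT) are validated as integers;
    // string escaping does not constrain a value that sits outside quotes.
    $nonNegative = ['options' => ['min_range' => 0]];
    $theid  = filter_var($get['theid'] ?? 0, FILTER_VALIDATE_INT);
    $offset = filter_var($get['offset'] ?? 0, FILTER_VALIDATE_INT, $nonNegative);
    $count  = filter_var($get['count'] ?? 100, FILTER_VALIDATE_INT, $nonNegative);
    if ($theid === false || $offset === false || $count === false) {
        throw new InvalidArgumentException('theid, offset and count must be integers');
    }

    // A column name or sort direction cannot be bound, so only listed values pass.
    $sort = $get['sort'] ?? 'id ASC';
    if (!in_array($sort, $sorts, true)) {
        throw new InvalidArgumentException('unsupported sort');
    }

    // Each condition is one array element, joined with AND at the end.
    $where  = ['id > :theid'];
    $params = [':theid' => $theid];
    $type   = $get['type'] ?? 'global';
    if (isset($filters[$type])) {
        $column = $filters[$type];
        $where[] = "$column = :filter";
        $params[':filter'] = (string) ($get[$column] ?? '');
    } elseif ($type !== 'global') {
        throw new InvalidArgumentException('unsupported type');
    }

    $sql = "SELECT * FROM `$table` WHERE " . implode(' AND ', $where)
         . " ORDER BY $sort LIMIT $offset,$count";
    return [$sql, $params];
}

// Constructed sample requests.
[$sql, $params] = buildScoreQuery(['theid' => '15'], 'table');
echo $sql, "\n";
[$sql, $params] = buildScoreQuery(['theid' => '15', 'type' => 'clubname', 'clubname' => 'Rovers'], 'table');
echo $sql, ' ', json_encode($params), "\n";
// With PDO: $stmt = $pdo->prepare($sql); $stmt->execute($params);
```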
