
Working Perl script now says DBD::mysql::db do failed: You have an error in your SQL syntax;

I got this Perl script and it used to work fine until recently. Now I am getting this error message.

DBD::mysql::db do failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '') ON DUPLICATE KEY UPDATE value=''' at line 2 at import_productfeatures.pl line 71.

foreach my $feature (@features) {
    my $cat_featureid = $feature->{CategoryFeature_ID};
    my $value = $feature->{Presentation_Value};
    # $prodid and $cat_featureid are interpolated unquoted; only $value goes through quote()
    my $sql = "INSERT INTO products_features (product_id, feature_id, value) 
        VALUES (".$prodid.", ".$cat_featureid.", ".$dbh->quote($value).") 
        ON DUPLICATE KEY UPDATE value=".$dbh->quote($value);
    $dbh->do($sql);
}

You should use placeholders, instead of putting the values directly into the string:

# Prepare once; the SQL text never changes, only the bound values do
my $sql = "INSERT INTO products_features (product_id, feature_id, value) 
   VALUES (?,?,?) 
   ON DUPLICATE KEY UPDATE value=?";
my $sth = $dbh->prepare($sql);

foreach my $feature (@features) {
    my $cat_featureid = $feature->{CategoryFeature_ID};
    my $value = $feature->{Presentation_Value};

    # one bind value per ? placeholder, in order; $value is used twice
    $sth->execute($prodid,$cat_featureid,$value,$value);
}

$sth->finish();

DBI will handle the correct escaping for you.

Print out the value of $sql so you can see the SQL statement that you are building. Then you can see what the syntax problem is, or post it here so we can diagnose it.

However, even more than that, you should be using parametrized queries, not building SQL statements with untrusted external data. You are leaving yourself open to SQL injection. Please see http://bobby-tables.com/perl.html for examples on how to do it properly.
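As an added example (not code from the question or from any of the answers), this script runs the string-building loop and the placeholder loop side by side over constructed feed rows, one of which has an empty CategoryFeature_ID. It assumes DBD::SQLite is installed and uses an in-memory database in place of MySQL, so SQLite's ON CONFLICT ... DO UPDATE stands in for MySQL's ON DUPLICATE KEY UPDATE.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in for MySQL.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 0, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE products_features (
    product_id INTEGER NOT NULL,
    feature_id INTEGER NOT NULL,
    value      TEXT,
    PRIMARY KEY (product_id, feature_id))");

# Constructed feed rows. The second has an empty CategoryFeature_ID, which turns
# the concatenated statement into "VALUES (42, , '')" and yields a syntax error
# of the same shape as the one in the question.
my $prodid   = 42;
my @features = (
    { CategoryFeature_ID => 7,  Presentation_Value => "1920x1080" },
    { CategoryFeature_ID => "", Presentation_Value => "" },
    { CategoryFeature_ID => 9,  Presentation_Value => "O'Neill's 5\" display" },
);

# 1. String building as in the question: only the value goes through quote().
for my $feature (@features) {
    my $sql = "INSERT INTO products_features (product_id, feature_id, value) "
            . "VALUES ($prodid, $feature->{CategoryFeature_ID}, "
            . $dbh->quote($feature->{Presentation_Value}) . ")";
    print "SQL: $sql\n";                       # the diagnostic step suggested above
    $dbh->do($sql) or print "  failed: ", $dbh->errstr, "\n";
}

# 2. Placeholders: every value is bound, so the statement text is fixed and an
#    empty or quote-laden value can never change its syntax.
my $sth = $dbh->prepare(
    "INSERT INTO products_features (product_id, feature_id, value) VALUES (?,?,?) "
  . "ON CONFLICT(product_id, feature_id) DO UPDATE SET value=excluded.value");
for my $feature (@features) {
    $sth->execute($prodid, $feature->{CategoryFeature_ID}, $feature->{Presentation_Value})
        or print "  rejected by the database, not by SQL syntax: ", $sth->errstr, "\n";
}
$sth->finish();

my ($rows) = $dbh->selectrow_array("SELECT COUNT(*) FROM products_features");
print "rows stored: $rows\n";
```

Run it with an empty CategoryFeature_ID and the first loop prints the exact statement that MySQL (or SQLite) rejects, which is what the print-out advice above is meant to surface.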

I think you missed a single quote.

change

my $sql = "INSERT INTO products_features (product_id, feature_id, value) 
        VALUES (".$prodid.", ".$cat_featureid.", ".$dbh->quote($value).") 
        ON DUPLICATE KEY UPDATE value=".$dbh->quote($value);

to

my $sql = "INSERT INTO products_features (product_id, feature_id, value) 
        VALUES (".$prodid.", ".$cat_featureid.", '".$dbh->quote($value)."') 
        ON DUPLICATE KEY UPDATE value='".$dbh->quote($value)."'";
